SUSE-SU-2026:2841-1
Vulnerability from csaf_suse - Published: 2026-07-10 09:25 - Updated: 2026-07-10 09:25Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2026-31771: Bluetooth: Ignore HCI_ERROR_CANCELLED_BY_HOST on adv set terminated event (bsc#1264145).
- CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach() (bsc#1264097).
- CVE-2026-46090: ALSA: aloop: Fix peer runtime UAF during format-change stop (bsc#1267531).
- CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task (bsc#1267722).
- CVE-2026-46229: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure (bsc#1267567).
- CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old() (bsc#1267635).
- CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (bsc#1267684).
- CVE-2026-46319: net/sched: act_ct: Only release RCU read lock after ct_ft (bsc#1268022).
- CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp() (bsc#1267993).
- CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache (bsc#1265421).
- CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device (bsc#1268660).
- CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100).
- CVE-2026-52923: ipc: limit next_id allocation to the valid ID range (bsc#1269033).
- CVE-2026-52924: sctp: purge outqueue on stale COOKIE-ECHO handling (bsc#1269036).
- CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers (bsc#1269022).
- CVE-2026-52955: libceph: Fix potential out-of-bounds access in crush_decode() (bsc#1269159).
- CVE-2026-52969: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (bsc#1269184).
- CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000 (bsc#1269195).
- CVE-2026-52993: tipc: fix double-free in tipc_buf_append() (bsc#1269193).
- CVE-2026-53016: crypto: ccp - copy IV using skcipher ivsize (bsc#1269090).
- CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full (bsc#1269398).
- CVE-2026-53053: iommu/amd: Fix clone_alias() to use the original device's devid (bsc#1269310).
- CVE-2026-53071: Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (bsc#1269678).
- CVE-2026-53072: Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (bsc#1269681).
- CVE-2026-53133: RDMA/umem: Fix truncation for block sizes >= 4G (bsc#1269821).
- CVE-2026-53253: Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (bsc#1269574).
- CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected role (bsc#1270059).
Patchnames: SUSE-2026-2841,SUSE-SLE-Micro-5.3-2026-2841,SUSE-SLE-Micro-5.4-2026-2841
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
141 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31771: Bluetooth: Ignore HCI_ERROR_CANCELLED_BY_HOST on adv set terminated event (bsc#1264145).\n- CVE-2026-43038: ipv6: icmp: clear skb2-\u003ecb in ip6_err_gen_icmpv6_unreach() (bsc#1264097).\n- CVE-2026-46090: ALSA: aloop: Fix peer runtime UAF during format-change stop (bsc#1267531).\n- CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task (bsc#1267722).\n- CVE-2026-46229: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure (bsc#1267567).\n- CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old() (bsc#1267635).\n- CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (bsc#1267684).\n- CVE-2026-46319: net/sched: act_ct: Only release RCU read lock after ct_ft (bsc#1268022).\n- CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp() (bsc#1267993).\n- CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache (bsc#1265421).\n- CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device (bsc#1268660).\n- CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100).\n- CVE-2026-52923: ipc: limit next_id allocation to the valid ID range (bsc#1269033).\n- CVE-2026-52924: sctp: purge outqueue on stale COOKIE-ECHO handling (bsc#1269036).\n- CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers (bsc#1269022).\n- CVE-2026-52955: libceph: Fix potential out-of-bounds access in crush_decode() (bsc#1269159).\n- CVE-2026-52969: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (bsc#1269184).\n- CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000 (bsc#1269195).\n- CVE-2026-52993: tipc: fix double-free in tipc_buf_append() (bsc#1269193).\n- CVE-2026-53016: crypto: ccp - copy IV using skcipher ivsize (bsc#1269090).\n- CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full (bsc#1269398).\n- CVE-2026-53053: iommu/amd: Fix clone_alias() to use the original device\u0027s devid (bsc#1269310).\n- CVE-2026-53071: Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (bsc#1269678).\n- CVE-2026-53072: Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (bsc#1269681).\n- CVE-2026-53133: RDMA/umem: Fix truncation for block sizes \u003e= 4G (bsc#1269821).\n- CVE-2026-53253: Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (bsc#1269574).\n- CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected role (bsc#1270059).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2841,SUSE-SLE-Micro-5.3-2026-2841,SUSE-SLE-Micro-5.4-2026-2841",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2841-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2841-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262841-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2841-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048108.html"
},
{
"category": "self",
"summary": "SUSE Bug 1264097",
"url": "https://bugzilla.suse.com/1264097"
},
{
"category": "self",
"summary": "SUSE Bug 1264145",
"url": "https://bugzilla.suse.com/1264145"
},
{
"category": "self",
"summary": "SUSE Bug 1265421",
"url": "https://bugzilla.suse.com/1265421"
},
{
"category": "self",
"summary": "SUSE Bug 1267531",
"url": "https://bugzilla.suse.com/1267531"
},
{
"category": "self",
"summary": "SUSE Bug 1267567",
"url": "https://bugzilla.suse.com/1267567"
},
{
"category": "self",
"summary": "SUSE Bug 1267635",
"url": "https://bugzilla.suse.com/1267635"
},
{
"category": "self",
"summary": "SUSE Bug 1267684",
"url": "https://bugzilla.suse.com/1267684"
},
{
"category": "self",
"summary": "SUSE Bug 1267722",
"url": "https://bugzilla.suse.com/1267722"
},
{
"category": "self",
"summary": "SUSE Bug 1267918",
"url": "https://bugzilla.suse.com/1267918"
},
{
"category": "self",
"summary": "SUSE Bug 1267993",
"url": "https://bugzilla.suse.com/1267993"
},
{
"category": "self",
"summary": "SUSE Bug 1268022",
"url": "https://bugzilla.suse.com/1268022"
},
{
"category": "self",
"summary": "SUSE Bug 1268660",
"url": "https://bugzilla.suse.com/1268660"
},
{
"category": "self",
"summary": "SUSE Bug 1269022",
"url": "https://bugzilla.suse.com/1269022"
},
{
"category": "self",
"summary": "SUSE Bug 1269033",
"url": "https://bugzilla.suse.com/1269033"
},
{
"category": "self",
"summary": "SUSE Bug 1269036",
"url": "https://bugzilla.suse.com/1269036"
},
{
"category": "self",
"summary": "SUSE Bug 1269090",
"url": "https://bugzilla.suse.com/1269090"
},
{
"category": "self",
"summary": "SUSE Bug 1269100",
"url": "https://bugzilla.suse.com/1269100"
},
{
"category": "self",
"summary": "SUSE Bug 1269159",
"url": "https://bugzilla.suse.com/1269159"
},
{
"category": "self",
"summary": "SUSE Bug 1269184",
"url": "https://bugzilla.suse.com/1269184"
},
{
"category": "self",
"summary": "SUSE Bug 1269193",
"url": "https://bugzilla.suse.com/1269193"
},
{
"category": "self",
"summary": "SUSE Bug 1269195",
"url": "https://bugzilla.suse.com/1269195"
},
{
"category": "self",
"summary": "SUSE Bug 1269310",
"url": "https://bugzilla.suse.com/1269310"
},
{
"category": "self",
"summary": "SUSE Bug 1269398",
"url": "https://bugzilla.suse.com/1269398"
},
{
"category": "self",
"summary": "SUSE Bug 1269574",
"url": "https://bugzilla.suse.com/1269574"
},
{
"category": "self",
"summary": "SUSE Bug 1269678",
"url": "https://bugzilla.suse.com/1269678"
},
{
"category": "self",
"summary": "SUSE Bug 1269681",
"url": "https://bugzilla.suse.com/1269681"
},
{
"category": "self",
"summary": "SUSE Bug 1269821",
"url": "https://bugzilla.suse.com/1269821"
},
{
"category": "self",
"summary": "SUSE Bug 1270059",
"url": "https://bugzilla.suse.com/1270059"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31771 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31771/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43038 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43038/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46090 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46173 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46253 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46266 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46266/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46319 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46320 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46320/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46331 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52909 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52918 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52923 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52923/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52924 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52943 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52943/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52955 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52955/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52969 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52969/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52972 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-52993 page",
"url": "https://www.suse.com/security/cve/CVE-2026-52993/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53016 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53041 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53053 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53071 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53072 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53133 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53253 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-53359 page",
"url": "https://www.suse.com/security/cve/CVE-2026-53359/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-07-10T09:25:02Z",
"generator": {
"date": "2026-07-10T09:25:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2841-1",
"initial_release_date": "2026-07-10T09:25:02Z",
"revision_history": [
{
"date": "2026-07-10T09:25:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150400.15.176.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150400.15.176.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150400.15.176.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150400.15.176.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-rt-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150400.15.176.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150400.15.176.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150400.15.176.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150400.15.176.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.176.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.176.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.176.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.176.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.176.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.176.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31771",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31771"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_event: move wake reason storage into validated event handlers\n\nhci_store_wake_reason() is called from hci_event_packet() immediately\nafter stripping the HCI event header but before hci_event_func()\nenforces the per-event minimum payload length from hci_ev_table.\nThis means a short HCI event frame can reach bacpy() before any bounds\ncheck runs.\n\nRather than duplicating skb parsing and per-event length checks inside\nhci_store_wake_reason(), move wake-address storage into the individual\nevent handlers after their existing event-length validation has\nsucceeded. Convert hci_store_wake_reason() into a small helper that only\nstores an already-validated bdaddr while the caller holds hci_dev_lock().\nUse the same helper after hci_event_func() with a NULL address to\npreserve the existing unexpected-wake fallback semantics when no\nvalidated event handler records a wake address.\n\nAnnotate the helper with __must_hold(\u0026hdev-\u003elock) and add\nlockdep_assert_held(\u0026hdev-\u003elock) so future call paths keep the lock\ncontract explicit.\n\nCall the helper from hci_conn_request_evt(), hci_conn_complete_evt(),\nhci_sync_conn_complete_evt(), le_conn_complete_evt(),\nhci_le_adv_report_evt(), hci_le_ext_adv_report_evt(),\nhci_le_direct_adv_report_evt(), hci_le_pa_sync_established_evt(), and\nhci_le_past_received_evt().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31771",
"url": "https://www.suse.com/security/cve/CVE-2026-31771"
},
{
"category": "external",
"summary": "SUSE Bug 1264145 for CVE-2026-31771",
"url": "https://bugzilla.suse.com/1264145"
},
{
"category": "external",
"summary": "SUSE Bug 1264146 for CVE-2026-31771",
"url": "https://bugzilla.suse.com/1264146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-31771"
},
{
"cve": "CVE-2026-43038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43038"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: icmp: clear skb2-\u003ecb[] in ip6_err_gen_icmpv6_unreach()\n\nSashiko AI-review observed:\n\n In ip6_err_gen_icmpv6_unreach(), the skb is an outer IPv4 ICMP error packet\n where its cb contains an IPv4 inet_skb_parm. When skb is cloned into skb2\n and passed to icmp6_send(), it uses IP6CB(skb2).\n\n IP6CB interprets the IPv4 inet_skb_parm as an inet6_skb_parm. The cipso\n offset in inet_skb_parm.opt directly overlaps with dsthao in inet6_skb_parm\n at offset 18.\n\n If an attacker sends a forged ICMPv4 error with a CIPSO IP option, dsthao\n would be a non-zero offset. Inside icmp6_send(), mip6_addr_swap() is called\n and uses ipv6_find_tlv(skb, opt-\u003edsthao, IPV6_TLV_HAO).\n\n This would scan the inner, attacker-controlled IPv6 packet starting at that\n offset, potentially returning a fake TLV without checking if the remaining\n packet length can hold the full 18-byte struct ipv6_destopt_hao.\n\n Could mip6_addr_swap() then perform a 16-byte swap that extends past the end\n of the packet data into skb_shared_info?\n\n Should the cb array also be cleared in ip6_err_gen_icmpv6_unreach() and\n ip6ip6_err() to prevent this?\n\nThis patch implements the first suggestion.\n\nI am not sure if ip6ip6_err() needs to be changed.\nA separate patch would be better anyway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43038",
"url": "https://www.suse.com/security/cve/CVE-2026-43038"
},
{
"category": "external",
"summary": "SUSE Bug 1264097 for CVE-2026-43038",
"url": "https://bugzilla.suse.com/1264097"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "moderate"
}
],
"title": "CVE-2026-43038"
},
{
"cve": "CVE-2026-46090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: aloop: Fix peer runtime UAF during format-change stop\n\nloopback_check_format() may stop the capture side when playback starts\nwith parameters that no longer match a running capture stream. Commit\n826af7fa62e3 (\"ALSA: aloop: Fix racy access at PCM trigger\") moved\nthe peer lookup under cable-\u003elock, but the actual snd_pcm_stop() still\nruns after dropping that lock.\n\nA concurrent close can clear the capture entry from cable-\u003estreams[] and\ndetach or free its runtime while the playback trigger path still holds a\nstale peer substream pointer.\n\nKeep a per-cable count of in-flight peer stops before dropping\ncable-\u003elock, and make free_cable() wait for those stops before\ndetaching the runtime. This preserves the existing behavior while\nmaking the peer runtime lifetime explicit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46090",
"url": "https://www.suse.com/security/cve/CVE-2026-46090"
},
{
"category": "external",
"summary": "SUSE Bug 1267531 for CVE-2026-46090",
"url": "https://bugzilla.suse.com/1267531"
},
{
"category": "external",
"summary": "SUSE Bug 1267895 for CVE-2026-46090",
"url": "https://bugzilla.suse.com/1267895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-46090"
},
{
"cve": "CVE-2026-46173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexit: prevent preemption of oopsing TASK_DEAD task\n\nWhen an already-exiting task oopses, make_task_dead() currently calls\ndo_task_dead() with preemption enabled. That is forbidden:\ndo_task_dead() calls __schedule(), which has a comment saying \"WARNING:\nmust be called with preemption disabled!\".\n\nIf an oopsing task is preempted in do_task_dead(), between becoming\nTASK_DEAD and entering the scheduler explicitly, bad things happen:\nfinish_task_switch() assumes that once the scheduler has switched away\nfrom a TASK_DEAD task, the task can never run again and its stack is no\nlonger needed; but that assumption apparently doesn\u0027t hold if the dead\ntask was preempted (the SM_PREEMPT case).\n\nThis means that the scheduler ends up repeatedly dropping references on\nthe dead task\u0027s stack, which can lead to use-after-free or double-free\nof the entire task stack; in other words, two tasks can end up running\non the same stack, resulting in various kinds of memory corruption.\n\n(This does not just affect \"recursively oopsing\" tasks; it is enough to\noops once during task exit, for example in a file_operations::release\nhandler)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46173",
"url": "https://www.suse.com/security/cve/CVE-2026-46173"
},
{
"category": "external",
"summary": "SUSE Bug 1267722 for CVE-2026-46173",
"url": "https://bugzilla.suse.com/1267722"
},
{
"category": "external",
"summary": "SUSE Bug 1267723 for CVE-2026-46173",
"url": "https://bugzilla.suse.com/1267723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-46173"
},
{
"cve": "CVE-2026-46229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Clear VRAM on allocation to prevent stale data exposure\n\nKFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE\nbut not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated\nVRAM with stale data from prior use observable by compute kernels.\n\nThe GEM ioctl path already sets VRAM_CLEARED for all userspace\nallocations via amdgpu_gem_create_ioctl() and\namdgpu_mode_dumb_create(). The KFD path was missing this flag,\nallowing stale page table remnants to leak into user buffers.\n\nThis causes crashes in RCCL P2P transport where non-zero data in\nptrExchange/head/tail fields corrupts the protocol handshake.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46229",
"url": "https://www.suse.com/security/cve/CVE-2026-46229"
},
{
"category": "external",
"summary": "SUSE Bug 1267567 for CVE-2026-46229",
"url": "https://bugzilla.suse.com/1267567"
},
{
"category": "external",
"summary": "SUSE Bug 1267568 for CVE-2026-46229",
"url": "https://bugzilla.suse.com/1267568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-46229"
},
{
"cve": "CVE-2026-46253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: fix buffer overflow in persistent_ram_save_old()\n\npersistent_ram_save_old() can be called multiple times for the same\npersistent_ram_zone (e.g., via ramoops_pstore_read -\u003e ramoops_get_next_prz\nfor PSTORE_TYPE_DMESG records).\n\nCurrently, the function only allocates prz-\u003eold_log when it is NULL,\nbut it unconditionally updates prz-\u003eold_log_size to the current buffer\nsize and then performs memcpy_fromio() using this new size. If the\nbuffer size has grown since the first allocation (which can happen\nacross different kernel boot cycles), this leads to:\n\n1. A heap buffer overflow (OOB write) in the memcpy_fromio() calls\n2. A subsequent OOB read when ramoops_pstore_read() accesses the buffer\n using the incorrect (larger) old_log_size\n\nThe KASAN splat would look similar to:\n BUG: KASAN: slab-out-of-bounds in ramoops_pstore_read+0x...\n Read of size N at addr ... by task ...\n\nThe conditions are likely extremely hard to hit:\n\n 0. Crash with a ramoops write of less-than-record-max-size bytes.\n 1. Reboot: ramoops registers, pstore_get_records(0) reads old crash,\n allocates old_log with size X\n 2. Crash handler registered, timer started (if pstore_update_ms \u003e= 0)\n 3. Oops happens (non-fatal, system continues)\n 4. pstore_dump() writes oops via ramoops_pstore_write() size Y (\u003eX)\n 5. pstore_new_entry = 1, pstore_timer_kick() called\n 6. System continues running (not a panic oops)\n 7. Timer fires after pstore_update_ms milliseconds\n 8. pstore_timefunc() -\u003e schedule_work() -\u003e pstore_dowork() -\u003e pstore_get_records(1)\n 9. ramoops_get_next_prz() -\u003e persistent_ram_save_old()\n 10. buffer_size() returns Y, but old_log is X bytes\n 11. Y \u003e X: memcpy_fromio() overflows heap\n\n Requirements:\n - a prior crash record exists that did not fill the record size\n (almost impossible since the crash handler writes as much as it\n can possibly fit into the record, capped by max record size and\n the kmsg buffer almost always exceeds the max record size)\n - pstore_update_ms \u003e= 0 (disabled by default)\n - Non-fatal oops (system survives)\n\nFree and reallocate the buffer when the new size differs from the\npreviously allocated size. This ensures old_log always has sufficient\nspace for the data being copied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46253",
"url": "https://www.suse.com/security/cve/CVE-2026-46253"
},
{
"category": "external",
"summary": "SUSE Bug 1267635 for CVE-2026-46253",
"url": "https://bugzilla.suse.com/1267635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "moderate"
}
],
"title": "CVE-2026-46253"
},
{
"cve": "CVE-2026-46266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46266"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ninet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP\n\nYizhou Zhao reported that simply having one RAW socket on protocol\nIPPROTO_RAW (255) was dangerous.\n\n socket(AF_INET, SOCK_RAW, 255);\n\nA malicious incoming ICMP packet can set the protocol field to 255\nand match this socket, leading to FNHE cache changes.\n\ninner = IP(src=\"192.168.2.1\", dst=\"8.8.8.8\", proto=255)/Raw(\"TEST\")\npkt = IP(src=\"192.168.1.1\", dst=\"192.168.2.1\")/ICMP(type=3, code=4, nexthopmtu=576)/inner\n\n\"man 7 raw\" states:\n\n A protocol of IPPROTO_RAW implies enabled IP_HDRINCL and is able\n to send any IP protocol that is specified in the passed header.\n Receiving of all IP protocols via IPPROTO_RAW is not possible\n using raw sockets.\n\nMake sure we drop these malicious packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46266",
"url": "https://www.suse.com/security/cve/CVE-2026-46266"
},
{
"category": "external",
"summary": "SUSE Bug 1267684 for CVE-2026-46266",
"url": "https://bugzilla.suse.com/1267684"
},
{
"category": "external",
"summary": "SUSE Bug 1267888 for CVE-2026-46266",
"url": "https://bugzilla.suse.com/1267888"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-46266"
},
{
"cve": "CVE-2026-46274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio-wq: check that the predecessor is hashed in io_wq_remove_pending()\n\nio_wq_remove_pending() needs to fix up wq-\u003ehash_tail[] if the cancelled\nwork was the tail of its hash bucket. When doing this, it checks whether\nthe preceding entry in acct-\u003ework_list has the same hash value, but\nnever checks that the predecessor is hashed at all. io_get_work_hash()\nis simply atomic_read(\u0026work-\u003eflags) \u003e\u003e IO_WQ_HASH_SHIFT, and the hash\nbits are never set for non-hashed work, so it returns 0. Thus, when a\nhashed bucket-0 work is cancelled while a non-hashed work is its list\npredecessor, the check spuriously passes and a pointer to the non-hashed\nio_kiocb is stored in wq-\u003ehash_tail[0].\n\nBecause non-hashed work is dequeued via the fast path in\nio_get_next_work(), which never touches hash_tail[], the stale pointer\nis never cleared. Therefore, after the non-hashed io_kiocb completes and\nis freed back to req_cachep, wq-\u003ehash_tail[0] is a dangling pointer. The\nio_wq is per-task (tctx-\u003eio_wq) and survives ring open/close, so the\ndangling pointer persists for the lifetime of the task; the next hashed\nbucket-0 enqueue dereferences it in io_wq_insert_work() and\nwq_list_add_after() writes through freed memory.\n\nAdd the missing io_wq_is_hashed() check so a non-hashed predecessor\nnever inherits a hash_tail[] slot.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46274",
"url": "https://www.suse.com/security/cve/CVE-2026-46274"
},
{
"category": "external",
"summary": "SUSE Bug 1267918 for CVE-2026-46274",
"url": "https://bugzilla.suse.com/1267918"
},
{
"category": "external",
"summary": "SUSE Bug 1268624 for CVE-2026-46274",
"url": "https://bugzilla.suse.com/1268624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-46274"
},
{
"cve": "CVE-2026-46319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ct: Only release RCU read lock after ct_ft\n\nWhen looking up a flow table in act_ct in tcf_ct_flow_table_get(),\nrhashtable_lookup_fast() internally opens and closes an RCU read critical\nsection before returning ct_ft.\nThe tcf_ct_flow_table_cleanup_work() can complete before refcount_inc_not_zero()\nis invoked on the returned ct_ft resulting in a UAF on the already freed ct_ft\nobject. This vulnerability can lead to privilege escalation.\n\nAnalysis from zdi-disclosures@trendmicro.com:\nWhen initializing act_ct, tcf_ct_init() is called, which internally triggers\ntcf_ct_flow_table_get().\n\nstatic int tcf_ct_flow_table_get(struct net *net, struct tcf_ct_params *params)\n\n{\n struct zones_ht_key key = { .net = net, .zone = params-\u003ezone };\n struct tcf_ct_flow_table *ct_ft;\n int err = -ENOMEM;\n\n mutex_lock(\u0026zones_mutex);\n ct_ft = rhashtable_lookup_fast(\u0026zones_ht, \u0026key, zones_params); // [1]\n if (ct_ft \u0026\u0026 refcount_inc_not_zero(\u0026ct_ft-\u003eref)) // [2]\n goto out_unlock;\n ...\n}\n\nstatic __always_inline void *rhashtable_lookup_fast(\n struct rhashtable *ht, const void *key,\n const struct rhashtable_params params)\n{\n void *obj;\n\n rcu_read_lock();\n obj = rhashtable_lookup(ht, key, params);\n rcu_read_unlock();\n\n return obj;\n}\n\nAt [1], rhashtable_lookup_fast() looks up and returns the corresponding ct_ft\nfrom zones_ht . The lookup is performed within an RCU read critical section\nthrough rcu_read_lock() / rcu_read_unlock(), which prevents the object from\nbeing freed. However, at the point of function return, rcu_read_unlock() has\nalready been called, and there is nothing preventing ct_ft from being freed\nbefore reaching refcount_inc_not_zero(\u0026ct_ft-\u003eref) at [2]. This interval becomes\nthe race window, during which ct_ft can be freed.\n\nFree Process:\n\ntcf_ct_flow_table_put() is executed through the path tcf_ct_cleanup() call_rcu()\ntcf_ct_params_free_rcu() tcf_ct_params_free() tcf_ct_flow_table_put().\n\nstatic void tcf_ct_flow_table_put(struct tcf_ct_flow_table *ct_ft)\n{\n if (refcount_dec_and_test(\u0026ct_ft-\u003eref)) {\n rhashtable_remove_fast(\u0026zones_ht, \u0026ct_ft-\u003enode, zones_params);\n INIT_RCU_WORK(\u0026ct_ft-\u003erwork, tcf_ct_flow_table_cleanup_work); // [3]\n queue_rcu_work(act_ct_wq, \u0026ct_ft-\u003erwork);\n }\n}\n\nAt [3], tcf_ct_flow_table_cleanup_work() is scheduled as RCU work\n\nstatic void tcf_ct_flow_table_cleanup_work(struct work_struct *work)\n\n{\n struct tcf_ct_flow_table *ct_ft;\n struct flow_block *block;\n\n ct_ft = container_of(to_rcu_work(work), struct tcf_ct_flow_table,\n rwork);\n nf_flow_table_free(\u0026ct_ft-\u003enf_ft);\n block = \u0026ct_ft-\u003enf_ft.flow_block;\n down_write(\u0026ct_ft-\u003enf_ft.flow_block_lock);\n WARN_ON(!list_empty(\u0026block-\u003ecb_list));\n up_write(\u0026ct_ft-\u003enf_ft.flow_block_lock);\n kfree(ct_ft); // [4]\n\n module_put(THIS_MODULE);\n}\n\ntcf_ct_flow_table_cleanup_work() frees ct_ft at [4]. When this function executes\nbetween [1] and [2], UAF occurs.\n\nThis race condition has a very short race window, making it generally\ndifficult to trigger. Therefore, to trigger the vulnerability an msleep(100) was\ninserted after[1]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46319",
"url": "https://www.suse.com/security/cve/CVE-2026-46319"
},
{
"category": "external",
"summary": "SUSE Bug 1268022 for CVE-2026-46319",
"url": "https://bugzilla.suse.com/1268022"
},
{
"category": "external",
"summary": "SUSE Bug 1268281 for CVE-2026-46319",
"url": "https://bugzilla.suse.com/1268281"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-46319"
},
{
"cve": "CVE-2026-46320",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46320"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntap: free page on error paths in tap_get_user_xdp()\n\ntap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL,\nand returns -ENOMEM when build_skb() fails. Both paths jump to the err\nlabel without freeing the page that vhost_net_build_xdp() allocated for\nthe frame. tap_sendmsg() discards the per-buffer return value and always\nreturns 0, so vhost_tx_batch() takes the success path and never frees\nthe page; each rejected frame in a batch leaks one page-frag chunk.\n\nFree the page on both error paths, before the skb is built. This is the\ntap counterpart of the same leak in tun_xdp_one().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46320",
"url": "https://www.suse.com/security/cve/CVE-2026-46320"
},
{
"category": "external",
"summary": "SUSE Bug 1267993 for CVE-2026-46320",
"url": "https://bugzilla.suse.com/1267993"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "low"
}
],
"title": "CVE-2026-46320"
},
{
"cve": "CVE-2026-46331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46331"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix pedit partial COW leading to page cache corruption\n\ntcf_pedit_act() computes the COW range for skb_ensure_writable()\nonce before the key loop using tcfp_off_max_hint, but the hint does\nnot account for the runtime header offset added by typed keys. This\ncan leave part of the write region un-COW\u0027d.\n\nFix by moving skb_ensure_writable() inside the per-key loop where\nthe actual write offset is known, and add overflow checking on the\noffset arithmetic. For negative offsets (e.g. Ethernet header edits\nat ingress), use skb_cow() to COW the headroom instead. Guard\noffset_valid() against INT_MIN, where negation is undefined.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46331",
"url": "https://www.suse.com/security/cve/CVE-2026-46331"
},
{
"category": "external",
"summary": "SUSE Bug 1265421 for CVE-2026-46331",
"url": "https://bugzilla.suse.com/1265421"
},
{
"category": "external",
"summary": "SUSE Bug 1268335 for CVE-2026-46331",
"url": "https://bugzilla.suse.com/1268335"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-46331"
},
{
"cve": "CVE-2026-52909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52909"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: set netns_immutable on the fallback device.\n\njohn1988 and Noam Rathaus reported that vti6_init_net() does not set the\nnetns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).\n\nOther similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)\ncorrectly set this flag during their fallback device initialization to\nprevent them from being moved to another network namespace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52909",
"url": "https://www.suse.com/security/cve/CVE-2026-52909"
},
{
"category": "external",
"summary": "SUSE Bug 1268660 for CVE-2026-52909",
"url": "https://bugzilla.suse.com/1268660"
},
{
"category": "external",
"summary": "SUSE Bug 1268662 for CVE-2026-52909",
"url": "https://bugzilla.suse.com/1268662"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52909"
},
{
"cve": "CVE-2026-52918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52918"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: serialize accept_q access\n\nbt_sock_poll() walks the accept queue without synchronization, while\nchild teardown can unlink the same socket and drop its last reference.\nThe unsynchronized accept queue walk has existed since the initial\nBluetooth import.\n\nProtect accept_q with a dedicated lock for queue updates and polling.\nAlso rework bt_accept_dequeue() to take temporary child references under\nthe queue lock before dropping it and locking the child socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52918",
"url": "https://www.suse.com/security/cve/CVE-2026-52918"
},
{
"category": "external",
"summary": "SUSE Bug 1269100 for CVE-2026-52918",
"url": "https://bugzilla.suse.com/1269100"
},
{
"category": "external",
"summary": "SUSE Bug 1269102 for CVE-2026-52918",
"url": "https://bugzilla.suse.com/1269102"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52918"
},
{
"cve": "CVE-2026-52923",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52923"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc: limit next_id allocation to the valid ID range\n\nThe checkpoint/restore sysctl path can request the next SysV IPC id\nthrough ids-\u003enext_id. ipc_idr_alloc() currently forwards that request to\nidr_alloc() with an open-ended upper bound.\n\nIf the valid tail of the SysV IPC id space is full, the allocation can\nspill beyond ipc_mni. The returned SysV IPC id still uses the normal\nindex encoding, so later lookup and removal can target the wrong slot. \nThis leaves the real IDR entry behind and breaks the IDR state for the\nobject.\n\nThe bug is in ipc_idr_alloc() in the checkpoint/restore path.\n\n1. ids-\u003enext_id is passed to:\n\n idr_alloc(\u0026ids-\u003eipcs_idr, new, ipcid_to_idx(next_id), 0, ...)\n\n2. The zero upper bound makes the allocation effectively open-ended.\n Once the valid SysV IPC tail is occupied, idr_alloc() can spill past\n ipc_mni and allocate an entry beyond the valid IPC id range.\n\n3. The new object id is still encoded with the narrower SysV IPC index\n width:\n\n new-\u003eid = (new-\u003eseq \u003c\u003c ipcmni_seq_shift()) + idx\n\n4. Later removal goes through ipc_rmid(), which uses:\n\n ipcid_to_idx(ipcp-\u003eid)\n\n That truncates the real IDR index. An object actually stored at a\n high index can then be removed as if it lived at a low in-range\n index.\n\n5. For shared memory, shm_destroy() frees the current object anyway, but\n the real high IDR slot is left behind as a dangling pointer.\n\n6. A subsequent walk of /proc/sysvipc/shm reaches the stale IDR entry\n and dereferences freed memory.\n\nPrevent this by bounding the requested allocation to ipc_mni so the\ncheckpoint/restore path fails once the valid range is exhausted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52923",
"url": "https://www.suse.com/security/cve/CVE-2026-52923"
},
{
"category": "external",
"summary": "SUSE Bug 1269033 for CVE-2026-52923",
"url": "https://bugzilla.suse.com/1269033"
},
{
"category": "external",
"summary": "SUSE Bug 1269034 for CVE-2026-52923",
"url": "https://bugzilla.suse.com/1269034"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52923"
},
{
"cve": "CVE-2026-52924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52924"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: purge outqueue on stale COOKIE-ECHO handling\n\nsctp_stream_update() is only invoked when the association is moved into\nCOOKIE_WAIT during association setup/reconfiguration. In this path, the\noutbound stream scheduler state (stream-\u003eout_curr) is expected to be\nclean, since no user data should have been transmitted yet unless the\nstate machine has already partially progressed.\n\nHowever, a corner case exists in sctp_sf_do_5_2_6_stale(): when a\nStale Cookie ERROR is received, the association is rolled back from\nCOOKIE_ECHOED to COOKIE_WAIT. In this scenario, user data may already\nhave been queued and even bundled with the COOKIE-ECHO chunk.\n\nDuring the rollback, sctp_stream_update() frees the old stream table\nand installs a new one, but it does not invalidate stream-\u003eout_curr.\nAs a result, out_curr may still point to a freed sctp_stream_out\nentry from the previous stream state.\n\nLater, SCTP scheduler dequeue paths (FCFS, RR, PRIO, etc.) rely on\nstream-\u003eout_curr-\u003eext, which can lead to use-after-free once the old\nstream state has been released via sctp_stream_free().\n\nThis results in crashes such as (reported by Yuqi):\n\n BUG: KASAN: slab-use-after-free in sctp_sched_fcfs_dequeue+0x13a/0x140\n Read of size 8 at addr ff1100004d4d3208 by task mini_poc/9312\n CPU: 1 UID: 1001 PID: 9312 Comm: mini_poc Not tainted\n 7.1.0-rc1-00305-gbd3a4795d574 #5 PREEMPT(full)\n sctp_sched_fcfs_dequeue+0x13a/0x140\n sctp_outq_flush+0x1603/0x33e0\n sctp_do_sm+0x31c9/0x5d30\n sctp_assoc_bh_rcv+0x392/0x6f0\n sctp_inq_push+0x1db/0x270\n sctp_rcv+0x138d/0x3c10\n\nFix this by fully purging the association outqueue when handling the\nStale Cookie case. This ensures all pending transmit and retransmit\nstate is dropped, and any scheduler cached pointers are invalidated,\nmaking it safe to rebuild stream state during COOKIE_WAIT restart.\n\nUpdating only stream-\u003eout_curr would be insufficient, since queued\nand retransmittable data would still reference the old stream state and\ntrigger later use-after-free in dequeue paths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52924",
"url": "https://www.suse.com/security/cve/CVE-2026-52924"
},
{
"category": "external",
"summary": "SUSE Bug 1269036 for CVE-2026-52924",
"url": "https://bugzilla.suse.com/1269036"
},
{
"category": "external",
"summary": "SUSE Bug 1269037 for CVE-2026-52924",
"url": "https://bugzilla.suse.com/1269037"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52924"
},
{
"cve": "CVE-2026-52943",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52943"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: fix missing zerocopy reference in pskb_carve helpers\n\npskb_carve_inside_header() and pskb_carve_inside_nonlinear() both copy\nthe old skb_shared_info header into a new buffer via memcpy(), which\nincludes the destructor_arg pointer (uarg) for MSG_ZEROCOPY skbs.\nNeither function calls net_zcopy_get() for the new shinfo, creating an\nunaccounted holder: every skb_shared_info with destructor_arg set will\ncall skb_zcopy_clear() once when freed, but the corresponding\nnet_zcopy_get() was never called for the new copy. Repeated calls\ndrive uarg-\u003erefcnt to zero prematurely, freeing ubuf_info_msgzc while\nTX skbs still hold live destructor_arg pointers.\n\nKASAN reports use-after-free on a freed ubuf_info_msgzc:\n\n BUG: KASAN: slab-use-after-free in skb_release_data+0x77b/0x810\n Read of size 8 at addr ffff88801574d3e8 by task poc/220\n\n Call Trace:\n skb_release_data+0x77b/0x810\n kfree_skb_list_reason+0x13e/0x610\n skb_release_data+0x4cd/0x810\n sk_skb_reason_drop+0xf3/0x340\n skb_queue_purge_reason+0x282/0x440\n rds_tcp_inc_free+0x1e/0x30\n rds_recvmsg+0x354/0x1780\n __sys_recvmsg+0xdf/0x180\n\n Allocated by task 219:\n msg_zerocopy_realloc+0x157/0x7b0\n tcp_sendmsg_locked+0x2892/0x3ba0\n\n Freed by task 219:\n ip_recv_error+0x74a/0xb10\n tcp_recvmsg+0x475/0x530\n\nThe skb consuming the late access still referenced the same uarg via\nshinfo-\u003edestructor_arg copied by pskb_carve_inside_nonlinear() without\na refcount bump. This has been verified to be reliably exploitable: a\nworking proof-of-concept achieves full root privilege escalation from\nan unprivileged local user on a default kernel configuration.\n\nThe fix follows the pattern of pskb_expand_head() which has the same\nmemcpy/cloned structure. For pskb_carve_inside_header(), net_zcopy_get()\nis placed after skb_orphan_frags() succeeds, so the orphan error path\nneeds no cleanup. For pskb_carve_inside_nonlinear(), net_zcopy_get() is\nplaced after all failure points and just before skb_release_data(), so\nno error path needs cleanup at all -- matching pskb_expand_head() more\nclosely and avoiding the need for a balancing net_zcopy_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52943",
"url": "https://www.suse.com/security/cve/CVE-2026-52943"
},
{
"category": "external",
"summary": "SUSE Bug 1269022 for CVE-2026-52943",
"url": "https://bugzilla.suse.com/1269022"
},
{
"category": "external",
"summary": "SUSE Bug 1269023 for CVE-2026-52943",
"url": "https://bugzilla.suse.com/1269023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52943"
},
{
"cve": "CVE-2026-52955",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52955"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: Fix potential out-of-bounds access in crush_decode()\n\nA message of type CEPH_MSG_OSD_MAP containing a crush map with at least\none bucket has two fields holding the bucket algorithm. If the values\nin these two fields differ, an out-of-bounds access can occur. This is\nthe case because the first algorithm field (alg) is used to allocate\nthe correct amount of memory for a bucket of this type, while the second\nalgorithm field inside the bucket (b-\u003ealg) is used in the subsequent\nprocessing.\n\nThis patch fixes the issue by adding a check that compares alg and\nb-\u003ealg and aborts the processing in case they differ. Furthermore,\nb-\u003ealg is set to 0 in this case, because the destruction of the crush\nmap also uses this field to determine the bucket type, which can again\nresult in an out-of-bounds access when trying to free the memory pointed\nto by the fields of the bucket. To correctly free the memory allocated\nfor the bucket in such a case, the corresponding call to kfree is moved\nfrom the algorithm-specific crush_destroy_bucket functions to the\ngeneric crush_destroy_bucket().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52955",
"url": "https://www.suse.com/security/cve/CVE-2026-52955"
},
{
"category": "external",
"summary": "SUSE Bug 1269159 for CVE-2026-52955",
"url": "https://bugzilla.suse.com/1269159"
},
{
"category": "external",
"summary": "SUSE Bug 1270388 for CVE-2026-52955",
"url": "https://bugzilla.suse.com/1270388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52955"
},
{
"cve": "CVE-2026-52969",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52969"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Reject wrapped offset in kvm_reset_dirty_gfn()\n\nkvm_reset_dirty_gfn() guards the gfn range with\n\n\tif (!memslot || (offset + __fls(mask)) \u003e= memslot-\u003enpages)\n\t\treturn;\n\nbut offset is u64 and the addition is unchecked. The check can be\nsilently bypassed by a u64 wrap.\n\nThe dirty ring backing those entries is MAP_SHARED at\nKVM_DIRTY_LOG_PAGE_OFFSET of the vcpu fd, so the VMM can rewrite the\nslot and offset fields of any entry between when the kernel pushes\nthem and when KVM_RESET_DIRTY_RINGS consumes them. On reset,\nkvm_dirty_ring_reset() re-reads the values via READ_ONCE() and feeds\nthem straight back into this check; only the flags handshake is\ntreated as the handover, the slot/offset payload is taken on trust.\n\nCrafting two entries\n\n\tentry[i].offset = 0xffffffffffffffc1\n\tentry[i+1].offset = 0\n\nmakes the coalescing loop in kvm_dirty_ring_reset() compute\n\n\tdelta = (s64)(0 - 0xffffffffffffffc1) = 63\n\nwhich falls in [0, BITS_PER_LONG), so it folds entry[i+1] into the\nexisting mask by setting bit 63. The trailing kvm_reset_dirty_gfn()\ncall then sees offset = 0xffffffffffffffc1 and __fls(mask) = 63;\nthe sum is 0 in u64 and the bounds check passes.\n\nThat offset propagates into kvm_arch_mmu_enable_log_dirty_pt_masked()\nunchanged. On the legacy MMU path -- kvm_memslots_have_rmaps() ==\ntrue, i.e. shadow paging, any VM that has allocated shadow roots, or\na write-tracked slot -- it reaches gfn_to_rmap(), which indexes\nslot-\u003earch.rmap[0][] with a near-U64_MAX gfn. That is an\nout-of-bounds load of a kvm_rmap_head, followed by a conditional\nclear of PT_WRITABLE_MASK in whatever the loaded pointer points at.\nThe path is reachable from any process holding /dev/kvm.\n\nRange-check offset on its own first, so the addition cannot wrap.\nmemslot-\u003enpages is bounded well below U64_MAX, so once offset \u003c\nnpages holds, offset + __fls(mask) (with __fls(mask) \u003c BITS_PER_LONG)\nstays in range.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52969",
"url": "https://www.suse.com/security/cve/CVE-2026-52969"
},
{
"category": "external",
"summary": "SUSE Bug 1269184 for CVE-2026-52969",
"url": "https://bugzilla.suse.com/1269184"
},
{
"category": "external",
"summary": "SUSE Bug 1270385 for CVE-2026-52969",
"url": "https://bugzilla.suse.com/1270385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52969"
},
{
"cve": "CVE-2026-52972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52972"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Cap AEAD AD length to 0x80000000\n\nIn order to prevent arithmetic overflows when checking the TX\nbuffer size, cap the associated data length to 0x80000000.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52972",
"url": "https://www.suse.com/security/cve/CVE-2026-52972"
},
{
"category": "external",
"summary": "SUSE Bug 1269195 for CVE-2026-52972",
"url": "https://bugzilla.suse.com/1269195"
},
{
"category": "external",
"summary": "SUSE Bug 1269196 for CVE-2026-52972",
"url": "https://bugzilla.suse.com/1269196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52972"
},
{
"cve": "CVE-2026-52993",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-52993"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix double-free in tipc_buf_append()\n\ntipc_msg_validate() can potentially reallocate the skb it is validating,\nfreeing the old one. In tipc_buf_append(), it was being called with a\npointer to a local variable which was a copy of the caller\u0027s skb\npointer.\n\nIf the skb was reallocated and validation subsequently failed, the error\nhandling path would free the original skb pointer, which had already\nbeen freed, leading to double-free.\n\nFix this by checking if head now points to a newly allocated reassembled\nskb. If it does, reassign *headbuf for later freeing operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-52993",
"url": "https://www.suse.com/security/cve/CVE-2026-52993"
},
{
"category": "external",
"summary": "SUSE Bug 1269193 for CVE-2026-52993",
"url": "https://bugzilla.suse.com/1269193"
},
{
"category": "external",
"summary": "SUSE Bug 1269194 for CVE-2026-52993",
"url": "https://bugzilla.suse.com/1269194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-52993"
},
{
"cve": "CVE-2026-53016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53016"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - copy IV using skcipher ivsize\n\nAF_ALG rfc3686-ctr-aes-ccp requests pass an 8-byte IV to the driver.\n\nccp_aes_complete() restores AES_BLOCK_SIZE bytes into the caller\u0027s IV\nbuffer while RFC3686 skciphers expose an 8-byte IV, so the restore\noverruns the provided buffer.\n\nUse crypto_skcipher_ivsize() to copy only the algorithm\u0027s IV length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53016",
"url": "https://www.suse.com/security/cve/CVE-2026-53016"
},
{
"category": "external",
"summary": "SUSE Bug 1269090 for CVE-2026-53016",
"url": "https://bugzilla.suse.com/1269090"
},
{
"category": "external",
"summary": "SUSE Bug 1269766 for CVE-2026-53016",
"url": "https://bugzilla.suse.com/1269766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-53016"
},
{
"cve": "CVE-2026-53041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53041"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix listxattr handling when the buffer is full\n\n[BUG]\nIf an OCFS2 inode has both inline and block-based xattrs, listxattr()\ncan return a size larger than the caller\u0027s buffer when the inline names\nconsume that buffer exactly.\n\nkernel BUG at mm/usercopy.c:102!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nRIP: 0010:usercopy_abort+0xb7/0xd0 mm/usercopy.c:102\nCall Trace:\n __check_heap_object+0xe3/0x120 mm/slub.c:8243\n check_heap_object mm/usercopy.c:196 [inline]\n __check_object_size mm/usercopy.c:250 [inline]\n __check_object_size+0x5c5/0x780 mm/usercopy.c:215\n check_object_size include/linux/ucopysize.h:22 [inline]\n check_copy_size include/linux/ucopysize.h:59 [inline]\n copy_to_user include/linux/uaccess.h:219 [inline]\n listxattr+0xb0/0x170 fs/xattr.c:926\n filename_listxattr fs/xattr.c:958 [inline]\n path_listxattrat+0x137/0x320 fs/xattr.c:988\n __do_sys_listxattr fs/xattr.c:1001 [inline]\n __se_sys_listxattr fs/xattr.c:998 [inline]\n __x64_sys_listxattr+0x7f/0xd0 fs/xattr.c:998\n ...\n\n[CAUSE]\nCommit 936b8834366e (\"ocfs2: Refactor xattr list and remove\nocfs2_xattr_handler().\") replaced the old per-handler list accounting\nwith ocfs2_xattr_list_entry(), but it kept using size == 0 to detect\nprobe mode.\n\nThat assumption stops being true once ocfs2_listxattr() finishes the\ninline-xattr pass. If the inline names fill the caller buffer exactly,\nthe block-xattr pass runs with a non-NULL buffer and a remaining size of\nzero. ocfs2_xattr_list_entry() then skips the bounds check, keeps\ncounting block names, and returns a positive size larger than the\nsupplied buffer.\n\n[FIX]\nDetect probe mode by testing whether the destination buffer pointer is\nNULL instead of whether the remaining size is zero.\n\nThat restores the pre-refactor behavior and matches the OCFS2 getxattr\nhelpers. Once the remaining buffer reaches zero while more names are\nleft, the block-xattr pass now returns -ERANGE instead of reporting a\nsize larger than the allocated list buffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53041",
"url": "https://www.suse.com/security/cve/CVE-2026-53041"
},
{
"category": "external",
"summary": "SUSE Bug 1269398 for CVE-2026-53041",
"url": "https://bugzilla.suse.com/1269398"
},
{
"category": "external",
"summary": "SUSE Bug 1270379 for CVE-2026-53041",
"url": "https://bugzilla.suse.com/1270379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-53041"
},
{
"cve": "CVE-2026-53053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix clone_alias() to use the original device\u0027s devid\n\nCurrently clone_alias() assumes first argument (pdev) is always the\noriginal device pointer. This function is called by\npci_for_each_dma_alias() which based on topology decides to send\noriginal or alias device details in first argument.\n\nThis meant that the source devid used to look up and copy the DTE\nmay be incorrect, leading to wrong or stale DTE entries being\npropagated to alias device.\n\nFix this by passing the original pdev as the opaque data argument to\nboth the direct clone_alias() call and pci_for_each_dma_alias(). Inside\nclone_alias(), retrieve the original device from data and compute devid\nfrom it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53053",
"url": "https://www.suse.com/security/cve/CVE-2026-53053"
},
{
"category": "external",
"summary": "SUSE Bug 1269310 for CVE-2026-53053",
"url": "https://bugzilla.suse.com/1269310"
},
{
"category": "external",
"summary": "SUSE Bug 1269311 for CVE-2026-53053",
"url": "https://bugzilla.suse.com/1269311"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-53053"
},
{
"cve": "CVE-2026-53071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp\n\nl2cap_ecred_reconf_rsp() calls l2cap_chan_del() without holding\nl2cap_chan_lock(). Every other l2cap_chan_del() caller in the file\nacquires the lock first. A remote BLE device can send a crafted\nL2CAP ECRED reconfiguration response to corrupt the channel list\nwhile another thread is iterating it.\n\nAdd l2cap_chan_hold() and l2cap_chan_lock() before l2cap_chan_del(),\nand l2cap_chan_unlock() and l2cap_chan_put() after, matching the\npattern used in l2cap_ecred_conn_rsp() and l2cap_conn_del().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53071",
"url": "https://www.suse.com/security/cve/CVE-2026-53071"
},
{
"category": "external",
"summary": "SUSE Bug 1269678 for CVE-2026-53071",
"url": "https://bugzilla.suse.com/1269678"
},
{
"category": "external",
"summary": "SUSE Bug 1270375 for CVE-2026-53071",
"url": "https://bugzilla.suse.com/1270375"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-53071"
},
{
"cve": "CVE-2026-53072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER\n\nWhen protocol sets HCI_PROTO_DEFER, hci_conn_request_evt() calls\nhci_connect_cfm(conn) without hdev-\u003elock. Generally hci_connect_cfm()\nassumes it is held, and if conn is deleted concurrently -\u003e UAF.\n\nOnly SCO and ISO set HCI_PROTO_DEFER and only for defer setup listen,\nand HCI_EV_CONN_REQUEST is not generated for ISO. In the non-deferred\nlistening socket code paths, hci_connect_cfm(conn) is called with\nhdev-\u003elock held.\n\nFix by holding the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53072",
"url": "https://www.suse.com/security/cve/CVE-2026-53072"
},
{
"category": "external",
"summary": "SUSE Bug 1269681 for CVE-2026-53072",
"url": "https://bugzilla.suse.com/1269681"
},
{
"category": "external",
"summary": "SUSE Bug 1270374 for CVE-2026-53072",
"url": "https://bugzilla.suse.com/1270374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-53072"
},
{
"cve": "CVE-2026-53133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umem: Fix truncation for block sizes \u003e= 4G\n\nWhen the iommu is used the linearization of the mapping can give a single\nblock that is very large split across multiple SG entries.\n\nWhen __rdma_block_iter_next() reassembles the split SG entries it is\noverflowing the 32 bit stack values and computed the wrong DMA addresses\nfor blocks after the truncation.\n\nUse the right types to hold DMA addresses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53133",
"url": "https://www.suse.com/security/cve/CVE-2026-53133"
},
{
"category": "external",
"summary": "SUSE Bug 1269821 for CVE-2026-53133",
"url": "https://bugzilla.suse.com/1269821"
},
{
"category": "external",
"summary": "SUSE Bug 1269822 for CVE-2026-53133",
"url": "https://bugzilla.suse.com/1269822"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-53133"
},
{
"cve": "CVE-2026-53253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bnep: reject short frames before parsing\n\nA BNEP peer can send a short BNEP SDU. bnep_rx_frame() reads the\npacket type byte immediately and, for control packets, reads the control\nopcode and setup UUID-size byte before proving that those bytes are\npresent. bnep_rx_control() also dereferences the control opcode without\nrejecting an empty control payload.\n\nUse skb_pull_data() for the fixed fields in bnep_rx_frame() so a NULL\nreturn gates each dereference. Split the control handler so the frame\npath can pass an opcode that has already been pulled, and keep the\nbyte-buffer wrapper for extension control payloads.\n\nFor BNEP_SETUP_CONN_REQ, name the UUID-size byte before pulling the\nsetup payload. struct bnep_setup_conn_req carries destination and source\nservice UUIDs after that byte, each uuid_size bytes, so the parser now\ndocuments that tuple explicitly instead of leaving the pull length as an\nopaque multiplication.\n\nValidation reproduced this kernel report:\nKASAN slab-out-of-bounds in bnep_rx_frame.isra.0+0x130c/0x1790\nThe buggy address belongs to the object at ffff88800c0f7908 which belongs\nto the cache kmalloc-8 of size 8\nThe buggy address is located 0 bytes to the right of allocated 1-byte\nregion [ffff88800c0f7908, ffff88800c0f7909)\nRead of size 1\nCall trace:\n dump_stack_lvl+0xb3/0x140 (?:?)\n print_address_description+0x57/0x3a0 (?:?)\n bnep_rx_frame+0x130c/0x1790 (net/bluetooth/bnep/core.c:306)\n print_report+0xb9/0x2b0 (?:?)\n __virt_addr_valid+0x1ba/0x3a0 (?:?)\n srso_alias_return_thunk+0x5/0xfbef5 (?:?)\n kasan_addr_to_slab+0x21/0x60 (?:?)\n kasan_report+0xe0/0x110 (?:?)\n process_one_work+0xfce/0x17e0 (kernel/workqueue.c:3200)\n worker_thread+0x65c/0xe40 (?:?)\n __kthread_parkme+0x184/0x230 (?:?)\n kthread+0x35e/0x470 (?:?)\n _raw_spin_unlock_irq+0x28/0x50 (?:?)\n ret_from_fork+0x586/0x870 (?:?)\n __switch_to+0x74f/0xdc0 (?:?)\n ret_from_fork_asm+0x1a/0x30 (?:?)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53253",
"url": "https://www.suse.com/security/cve/CVE-2026-53253"
},
{
"category": "external",
"summary": "SUSE Bug 1269574 for CVE-2026-53253",
"url": "https://bugzilla.suse.com/1269574"
},
{
"category": "external",
"summary": "SUSE Bug 1269575 for CVE-2026-53253",
"url": "https://bugzilla.suse.com/1269575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-53253"
},
{
"cve": "CVE-2026-53359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-53359"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Fix shadow paging use-after-free due to unexpected role\n\nCommit 0cb2af2ea66ad (\"KVM: x86: Fix shadow paging use-after-free due\nto unexpected GFN\") fixed a shadow paging mismatch between stored and\ncomputed GFNs; the bug could be triggered by changing a PDE mapping from\noutside the guest, and then deleting a memslot. The rmap_remove()\ncall would miss entries created after the PDE change because the GFN\nof the leaf SPTE does not match the GFN of the struct kvm_mmu_page.\n\nA similar hole however remains if the modified PDE points to a non-leaf\npage. In this case the gfn can be made to match, but the role does not\nmatch: the original large 2MB page creates a kvm_mmu_page with direct=1,\nwhile the new 4KB needs a kvm_mmu_page with direct=0. However,\nkvm_mmu_get_child_sp() does not compare the role, and therefore reuses\nthe page.\n\nThe next step is installing a leaf (4KB) SPTE on the new path which\nrecords an rmap entry under the gfn resolved by the walk. But when\nthat child is zapped its parent kvm_mmu_page has direct=1 and\nkvm_mmu_page_get_gfn() computes the gfn for the 4KB page as\nsp-\u003egfn + index instead of using sp-\u003eshadowed_translation[] (or sp-\u003egfns[]\nin older kernels). It therefore fails to remove the recorded entry.\n\nWhen the memslot is dropped the shadow page is freed but the rmap\nentry survives, as in the scenario that was already fixed. Code that\nlater walks that gfn (dirty logging, MMU notifier invalidation, and\nso on) dereferences an sptep that lies in the freed page, causing the\nuse-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-53359",
"url": "https://www.suse.com/security/cve/CVE-2026-53359"
},
{
"category": "external",
"summary": "SUSE Bug 1270059 for CVE-2026-53359",
"url": "https://bugzilla.suse.com/1270059"
},
{
"category": "external",
"summary": "SUSE Bug 1270060 for CVE-2026-53359",
"url": "https://bugzilla.suse.com/1270060"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.176.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.176.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.176.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T09:25:02Z",
"details": "important"
}
],
"title": "CVE-2026-53359"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…