Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

openSUSE Kernel Important Ten Security Issues Vuln 2026-2991-1

opensuse
Calendar Grey July 14, 2026
Dist Opensuse Esm H88
Addressing ten security issues in the SUSE Linux Kernel including a critical update that needs immediate attention.
An update that solves 10 vulnerabilities can now be installed.

Description

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.219 fixes

various security issues

The following security issues were fixed:

* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release

(bsc#1264094).

* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).

* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH

grows (bsc#1266015).

* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down

(bsc#1267206).

* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()

(bsc#1267893).

* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task

(bsc#1267723).

* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in

SCTP_SENDALL (bsc#1267698).

* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions

(CIFSwitch) (bsc#1266265).

* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device

...

Read the Full Advisory

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2991=1

* openSUSE Leap 15.4

zypper in -t patch SUSE-2026-2991=1

Package List

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)

* kernel-livepatch-5_14_21-150400_24_219-default-2-150400.2.1

* kernel-livepatch-SLE15-SP4_Update_54-debugsource-2-150400.2.1

* kernel-livepatch-5_14_21-150400_24_219-default-debuginfo-2-150400.2.1

* openSUSE Leap 15.4 (ppc64le s390x x86_64)

* kernel-livepatch-5_14_21-150400_24_219-default-2-150400.2.1

* kernel-livepatch-SLE15-SP4_Update_54-debugsource-2-150400.2.1

* kernel-livepatch-5_14_21-150400_24_219-default-debuginfo-2-150400.2.1

References

* bsc#1264094

* bsc#1265197

* bsc#1266015

* bsc#1266265

* bsc#1267206

* bsc#1267698

* bsc#1267723

* bsc#1267893

* bsc#1268662

* bsc#1269023

## References:

* https://www.suse.com/security/cve/CVE-2026-31758.html

* https://www.suse.com/security/cve/CVE-2026-43037.html

* https://www.suse.com/security/cve/CVE-2026-43501.html

* https://www.suse.com/security/cve/CVE-2026-45970.html

* https://www.suse.com/security/cve/CVE-2026-46120.html

* https://www.suse.com/security/cve/CVE-2026-46173.html

* https://www.suse.com/security/cve/CVE-2026-46227.html

* https://www.suse.com/security/cve/CVE-2026-46243.html

* https://www.suse.com/security/cve/CVE-2026-52909.html

* https://www.suse.com/security/cve/CVE-2026-52943.html

* https://bugzilla.suse.com/show_bug.cgi?id=1264094

* https://bugzilla.suse.com/show_bug.cgi?id=1265197

* https://bugzilla.suse.com/show_bug.cgi?id=1266015

* https://bugzilla.suse.com/show_bug.cgi?id=1266265

* https://bugzilla.suse.com/show_bug.cgi?id=1267206

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2991-1
Release Date: 2026-07-14T16:05:09Z
Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Live Patching 15-SP4 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Real Time 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.