## The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: * CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917). * CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075). * CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645). * CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231). * CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735). * CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
* bsc#1238917
* bsc#1255075
* bsc#1256645
* bsc#1257231
* bsc#1257473
* bsc#1257732
* bsc#1257735
* bsc#1257749
* bsc#1257790
* bsc#1258340
* bsc#1258395
* bsc#1258518
* bsc#1258849
* bsc#1258850
* bsc#1259857
* jsc#PED-12836
Cross-
* CVE-2025-21738
* CVE-2025-40242
* CVE-2025-71066
* CVE-2026-23004
* CVE-2026-23054
* CVE-2026-23060
* CVE-2026-23074
* CVE-2026-23089
* CVE-2026-23191
* CVE-2026-23204
* CVE-2026-23209
* CVE-2026-23268
* CVE-2026-23269
CVSS scores:
* CVE-2025-21738 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-40242 ( SUSE ): 7.3
Get the latest Linux and open source security news straight to your inbox.