The 7.0.14-101/201 kernel builds contain a fix for an unprivileged container / jail escape. This has not been assigned a CVE number yet, but a POC is in the wild. The 7.0.14 stable kernel update contains a number of important fixes across the tree.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-35e2185559 2026-07-02 01:07:29.332059+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 43 Version : 7.0.14 Release : 101.fc43 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.14-101/201 kernel builds contain a fix for an unprivileged container / jail escape. This has not been assigned a CVE number yet, but a POC is in the wild. The 7.0.14 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Justin M. Forbes [7.0.14-1] - ipv6: account for fraggap on the paged allocation path (Wongi Lee) - ipv4: account for fraggap on the paged allocation path (Wongi Lee) * Sat Jun 27 2026 Justin M. Forbes [7.0.14-0] - Revert "Input: rmi4 - remove the need for artificial IRQ in case of HID" (Justin M. Forbes) - Linux v7.0.14 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-35e2185559' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
The 7.0.14-101/201 kernel builds contain a fix for an unprivileged container / jail escape. This has not been assigned a CVE number yet, but a POC is in the wild. The 7.0.14 stable kernel update contains a number of important fixes across the tree.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-7ae597d1d2 2026-07-02 01:05:29.984027+00:00 -------------------------------------------------------------------------------- Name : kernel Product : Fedora 44 Version : 7.0.14 Release : 201.fc44 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package -------------------------------------------------------------------------------- Update Information: The 7.0.14-101/201 kernel builds contain a fix for an unprivileged container / jail escape. This has not been assigned a CVE number yet, but a POC is in the wild. The 7.0.14 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 1 2026 Justin M. Forbes [7.0.14-1] - ipv6: account for fraggap on the paged allocation path (Wongi Lee) - ipv4: account for fraggap on the paged allocation path (Wongi Lee) * Sat Jun 27 2026 Justin M. Forbes [7.0.14-0] - Revert "Input: rmi4 - remove the need for artificial IRQ in case of HID" (Justin M. Forbes) - Linux v7.0.14 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-7ae597d1d2' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
An update that solves 66 vulnerabilities can now be installed.. # Security update for the Linux Kernel Announcement ID: SUSE-SU-2026:2722-1 Release Date: 2026-07-01T13:35:37Z Rating: important References: * bsc#1256668 * bsc#1260531 * bsc#1262085 * bsc#1262392 * bsc#1262617 * bsc#1262620 * bsc#1262674 * bsc#1262748 * bsc#1262798 * bsc#1262993 * bsc#1263057 * bsc#1263123 * bsc#1263124 * bsc#1263137 * bsc#1263178 * bsc#1263563 * bsc#1263568 * bsc#1263578 * bsc#1263930 * bsc#1263934 * bsc#1263993 * bsc#1263996 * bsc#1264045 * bsc#1264076 * bsc#1264080 * bsc#1264137 * bsc#1264239 * bsc#1264266 * bsc#1264437 * bsc#1264444 * bsc#1264470 * bsc#1264549 * bsc#1264561 * bsc#1264595 * bsc#1264603 * bsc#1264610 * bsc#1264741 * bsc#1264763 * bsc#1265103 * bsc#1265143 * bsc#1265628 * bsc#1266290 * bsc#1266390 * bsc#1266397 * bsc#1266698 * bsc#1266704 * bsc#1266705 * bsc#1266840 * bsc#1266878 * bsc#1266895 * bsc#1266903 * bsc#1266916 * bsc#1266922 * bsc#1266933 * bsc#1267208 * bsc#1267251 * bsc#1267361 * bsc#1267387 * bsc#1267431 * bsc#1267621 * bsc#1267624 * bsc#1267628 * bsc#1267651 * bsc#1267654 * bsc#1267685 * bsc#1267744 Cross-References: * CVE-2025-10263 * CVE-2025-68822 * CVE-2026-23392 * CVE-2026-31414 * CVE-2026-31429 * CVE-2026-31452 * CVE-2026-31453 * CVE-2026-31469 * CVE-2026-31492 * CVE-2026-31495 * CVE-2026-31499 * CVE-2026-31500 * CVE-2026-31555 * CVE-2026-31560 * CVE-2026-31592 * CVE-2026-31593 * CVE-2026-31664 * CVE-2026-31665 * CVE-2026-31674 * CVE-2026-31680 * CVE-2026-31693 * CVE-2026-31752 * CVE-2026-31759 * CVE-2026-43023 * CVE-2026-43024 * CVE-2026-43028 * CVE-2026-43035 * CVE-2026-43036 * CVE-2026-43049 * CVE-2026-43077 * CVE-2026-43083 * CVE-2026-43101 * CVE-2026-43112 * CVE-2026-43119 * CVE-2026-43158 * CVE-2026-43171 * CVE-2026-43187 * CVE-2026-43198 * CVE-2026-43239 *CVE-2026-43339 * CVE-2026-43345 * CVE-2026-43405 * CVE-2026-43469 * CVE-2026-43491 * CVE-2026-45840 * CVE-2026-45841 * CVE-2026-45862 * CVE-2026-45870 * CVE-2026-45894 * CVE-2026-45940 * CVE-2026-45961 * CVE-2026-45964 * CVE-2026-45965 * CVE-2026-45974 * CVE-2026-46005 * CVE-2026-46037 * CVE-2026-46101 * CVE-2026-46119 * CVE-2026-46123 * CVE-2026-46150 * CVE-2026-46160 * CVE-2026-46162 * CVE-2026-46172 * CVE-2026-46244 * CVE-2026-46259 * CVE-2026-46273 CVSS scores: * CVE-2025-10263 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2025-10263 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N * CVE-2025-68822 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-23392 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23392 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23392 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31414 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31414 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31414 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31429 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31429 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31429 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31452 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31452 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31452 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31453 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31453 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31453 ( NVD ): 7.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31469 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31469 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31469 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31492 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31492 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31492 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31495 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31495 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31495 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31499 ( SUSE ): 6.0 CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31499 ( SUSE ): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31499 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31500 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31555 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31555 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31560 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31560 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31560 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31592 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31592 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31592 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31593 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31593 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31593 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31664 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31664 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31664 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31665 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31665 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31665 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31674 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31674 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31674 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-31680 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-31680 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31680 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31693 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31693 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H * CVE-2026-31693 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31752 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31752 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-31759 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31759 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-31759 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43023 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N *CVE-2026-43023 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43023 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43024 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43024 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43028 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43028 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-43035 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43035 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43036 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43036 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43049 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43049 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43077 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43077 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43083 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43083 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-43101 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43101 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43112 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43112 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43112 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-43112 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-43119 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-43119 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-43119( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43158 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43158 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-43158 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43171 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43171 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43187 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43187 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-43187 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43198 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43198 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43198 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43198 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43239 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43239 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43239 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H * CVE-2026-43339 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43339 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43345 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43345 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43405 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43469 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43469 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43491 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-43491 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-43491 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45840 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L * CVE-2026-45840 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H * CVE-2026-45840 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45841 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45841 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45841 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45862 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N * CVE-2026-45862 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L * CVE-2026-45862 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-45870 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45870 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45870 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45894 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-45894 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H * CVE-2026-45894 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-45940 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45940 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45940 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45961 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2026-45961 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2026-45961 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H *CVE-2026-45964 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45964 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45965 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45965 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45965 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45974 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-45974 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-45974 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46005 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46005 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46005 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46037 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46037 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-46037 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H * CVE-2026-46101 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-46101 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H * CVE-2026-46101 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46119 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H * CVE-2026-46119 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-46123 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2026-46123 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-46123 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2026-46150 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-46150 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46150 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46160 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46160 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46162 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46162 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46172 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46172 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46244 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46244 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2026-46244 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H * CVE-2026-46259 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46259 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46273 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-46273 ( NVD ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: * Basesystem Module 15-SP7 * Development Tools Module 15-SP7 * Legacy Module 15-SP7 * Public Cloud Module 15-SP7 * SUSE Linux Enterprise Desktop 15 SP7 * SUSE Linux Enterprise High Availability Extension 15 SP7 * SUSE Linux Enterprise Live Patching 15-SP7 * SUSE Linux Enterprise Real Time 15 SP7 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * SUSE Linux Enterprise Workstation Extension 15 SP7 An update that solves 66 vulnerabilities can now be installed. ## Description: The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs (bsc#1266290). * CVE-2025-68822: Input: alps - fix use-after-free bugs caused by dev3_register_work (bsc#1256668). * CVE-2026-23392: netfilter:nf_tables: release flowtable after rcu grace period on error (bsc#1260531). * CVE-2026-31414: netfilter: nf_conntrack_expect: use expect-> helper (bsc#1262085). * CVE-2026-31429: net: skb: fix cross-cache free of KFENCE-allocated skb head (bsc#1262392). * CVE-2026-31452: ext4: convert inline data to extents when truncate exceeds inline size (bsc#1262620). * CVE-2026-31469: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false * CVE-2026-31492: RDMA/irdma: Initialize free_qp completion before using it (bsc#1262748). * CVE-2026-31495: netfilter: ctnetlink: use netlink policy range checks (bsc#1262798). * CVE-2026-31499: Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() (bsc#1262674). * CVE-2026-31500: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (bsc#1262993). * CVE-2026-31555: futex: Clear stale exiting pointer in futex_lock_pi() retry path (bsc#1263178). * CVE-2026-31560: spi: spi-dw-dma: fix print error log when wait finish transaction (bsc#1263057). * CVE-2026-31592: KVM: SEV: Protect _all_ of sev_mem_enc_register_region() with kvm-> lock (bsc#1263123). * CVE-2026-31593: KVM: SEV: Reject attempts to sync VMSA of an already- launched/encrypted vCPU (bsc#1263124). * CVE-2026-31664: string.h: Introduce memset_after() for wiping trailing members/padding (bsc#1263578). * CVE-2026-31665: kABI: netfilter: nft_ct: fix use-after-free in timeout object destroy (bsc#1263137). * CVE-2026-31674: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (bsc#1263568). * CVE-2026-31680: net: ipv6: flowlabel: defer exclusive option free until RCU teardown (bsc#1263563). * CVE-2026-31693: cifs: some missing initializations on replay (bsc#1267744). * CVE-2026-31752: bridge: br_nd_send: validate ND option lengths (bsc#1264045). * CVE-2026-31759: usb: ulpi: fix double free in ulpi_register_interface() error path (bsc#1264076). * CVE-2026-43023:Bluetooth: SCO: fix race conditions in sco_sock_connect() (bsc#1264137). * CVE-2026-43024: netfilter: nf_tables: reject immediate NF_QUEUE verdict (bsc#1263930). * CVE-2026-43028: netfilter: x_tables: ensure names are nul-terminated (bsc#1263934). * CVE-2026-43035: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (bsc#1263996). * CVE-2026-43036: net: use skb_header_pointer() for TCPv4 GSO frag_off check (bsc#1263993). * CVE-2026-43049: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure (bsc#1264080). * CVE-2026-43077: crypto: algif_aead - Fix minimum RX size check for decryption (bsc#1264470). * CVE-2026-43083: net: ioam6: fix OOB and missing lock (bsc#1264266). * CVE-2026-43101: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() (bsc#1264239). * CVE-2026-43112: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (bsc#1264437). * CVE-2026-43119: Bluetooth: hci_sync: annotate data-races around hdev-> req_status (bsc#1264561). * CVE-2026-43158: xfs: fix freemap adjustments when adding xattrs to leaf blocks (bsc#1264595). * CVE-2026-43171: EFI/CPER: do not dump the entire memory region (bsc#1264549). * CVE-2026-43187: xfs: delete attr leaf freemap entries when empty (bsc#1264603). * CVE-2026-43198: tcp: fix potential race in tcp_v6_syn_recv_sock() (bsc#1264610). * CVE-2026-43239: smb: client: prevent races in -> query_interfaces() (bsc#1264444). * CVE-2026-43339: ipv6: prevent possible UaF in addrconf_permanent_addr() (bsc#1264763). * CVE-2026-43345: net: ipa: fix event ring index not programmed for IPA v5.0+ (bsc#1265103). * CVE-2026-43405: libceph: Use u32 for non-negative values in ceph_monmap_decode() (bsc#1264741). * CVE-2026-43469: xprtrdma: Decrement re_receiving on the early exit paths (bsc#1265143). * CVE-2026-43491: net: qrtr: ns: Limit the maximum server registration per node (bsc#1265628). * CVE-2026-45840: openvswitch: cap upcall PID array size and pre-size vport replies (bsc#1266397). * CVE-2026-45841: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO (bsc#1266390). * CVE-2026-45862: iommu/vt-d: Flush cache for PASID table before using it (bsc#1266705). * CVE-2026-45870: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths (bsc#1266704). * CVE-2026-45894: iommu/vt-d: Clear Present bit before tearing down PASID entry (bsc#1266895). * CVE-2026-45940: net: stmmac: fix oops when split header is enabled (bsc#1266916). * CVE-2026-45961: gfs2: fix memory leaks in gfs2_fill_super error path (bsc#1266933). * CVE-2026-45964: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path (bsc#1266698). * CVE-2026-45965: apparmor: fix invalid deref of rawdata when export_binary is unset (bsc#1267208). * CVE-2026-45974: btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found (bsc#1266922). * CVE-2026-46005: xfs: fix a resource leak in xfs_alloc_buftarg() (bsc#1267431). * CVE-2026-46037: ipv4: icmp: validate reply type before using icmp_pointers (bsc#1267361). * CVE-2026-46101: netfilter: reject zero shift in nft_bitwise (bsc#1266878). * CVE-2026-46119: libceph: Fix slab-out-of-bounds access in auth message processing (bsc#1267628). * CVE-2026-46123: Bluetooth: virtio_bt: clamp rx length before skb_put (bsc#1267621). * CVE-2026-46150: fanotify: fix false positive on permission events (bsc#1267387). * CVE-2026-46160: btrfs: fix missing last_unlink_trans update when removing a directory (bsc#1267624). * CVE-2026-46162: ice: fix double free in ice_sf_eth_activate() error path (bsc#1266840). * CVE-2026-46172: ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() (bsc#1266903). * CVE-2026-46244: netfilter: nft_inner: Fix IPv6 inner_thoff desync (bsc#1267654). * CVE-2026-46259: procfs: fix missing RCU protection when reading real_parent in do_task_stat() (bsc#1267685). * CVE-2026-46273: ibmveth: Disable GSO for packets with small MSS (bsc#1267651). The following non-security bugs were fixed: * ACPI: CPPC: Suppress UBSAN warning caused by field misuse (git-fixes). * ACPI: IPMI: Fix message kref handling on dead device (git-fixes). * ACPI: NFIT: core: Fix possible NULL pointer dereference (git-fixes). * ALSA: aloop: Drop superfluous break (git-fixes). * ALSA: cmipci: check snd_ctl_new1() return value (git-fixes). * ALSA: core: Fix unintuitive behavior of snd_power_ref_and_wait() (git- fixes). * ALSA: es1938: check snd_ctl_new1() return value (git-fixes). * ALSA: gus: check snd_ctl_new1() return value (git-fixes). * ALSA: hda/cs35l41: Fix firmware load work teardown (git-fixes). * ALSA: ice1712: check snd_ctl_new1() return value (git-fixes). * ALSA: seq: Clear variable event pointer on read (git-fixes). * ALSA: seq: Fix kernel heap address leak in bounce_error_event() (git-fixes). * ALSA: seq: Fix partial userptr event expansion (git-fixes). * ALSA: seq: midi: Serialize output teardown with event_input (git-fixes). * ALSA: usb-audio: Propagate US-16x08 write errors in route/mix EQ-switch put callbacks (git-fixes). * ALSA: usb-audio: Propagate errors in scarlett_ctl_enum_put() (git-fixes). * ALSA: usb-audio: Roll back quirk control caches on write errors (git-fixes). * ALSA: usb-audio: Update Babyface Pro control caches only after successful writes (git-fixes). * ALSA: usb-audio: Update US-16x08 EQ/comp shadow state after successful writes (git-fixes). * ALSA: virtio: Add missing 384 kHz PCM rate mapping (git-fixes). * ALSA: ymfpci: check snd_ctl_new1() return value (git-fixes). * ASoC: SOF: ipc3-control: Fix TOCTOU in bytes_put and bytes_get (git-fixes). * ASoC: SOF: ipc3-control: Fix heap overflow in bytes_ext put/get (git-fixes). * ASoC: SOF: ipc3-control: Use overflow checks in control_update size calc (git-fixes). * ASoC: SOF: ipc3-control: Validate size insnd_sof_update_control (git- fixes). * ASoC: SOF: ipc4-control: Fix TOCTOU in sof_ipc4_bytes_put (git-fixes). * ASoC: SOF: topology: validate vendor array size before parsing (git-fixes). * ASoC: adau1372: Clear PLL_EN on failed PLL lock without reset GPIO (git- fixes). * ASoC: codecs: hdac_hdmi: Validate written enum value (git-fixes). * ASoC: cs35l56: Cleanup if component_probe fails (git-fixes). * ASoC: cs35l56: Do not leave parent IRQ disabled if system_suspend fails (git-fixes). * ASoC: cs35l56: Fix missing calls to wm_adsp2_remove() (git-fixes). * ASoC: fsl: fsl_audmix: Validate written enum values (git-fixes). * ASoC: mediatek: mt8183: Release reserved memory on cleanup (git-fixes). * ASoC: mediatek: mt8192: Release reserved memory on cleanup (git-fixes). * ASoC: meson: aiu: Validate written enum values (git-fixes). * ASoC: tegra: tegra210_ahub: Validate written enum value (git-fixes). * ASoC: topology: Check PCM and DAI name strings before use (git-fixes). * ASoC: wm_adsp: Fix NULL dereference when removing firmware controls (git- fixes). * Bluetooth: btmtk: fix URB leak in alloc_mtk_intr_urb error path (git-fixes). * Bluetooth: btmtksdio: fix infinite loop in btmtksdio_txrx_work() (git- fixes). * Bluetooth: btusb: fix use-after-free on marvell probe failure (git-fixes). * Bluetooth: btusb: fix use-after-free on registration failure (git-fixes). * Bluetooth: btusb: fix wakeup irq devres lifetime (git-fixes). * Bluetooth: btusb: fix wakeup source leak on probe failure (git-fixes). * Bluetooth: eir: Fix stack OOB write when prepending the Flags AD (git- fixes). * Bluetooth: hci: validate codec capability element length (git-fixes). * Bluetooth: hci_qca: fix NULL pointer dereference in qca_dmp_hdr() for non- serdev device (git-fixes). * Bluetooth: vhci: validate devcoredump state before side effects (git-fixes). * KVM: SEV: Ignore MMIO requests of length '0' (git-fixes). * KVM: SEV: Ignore Port I/O requests of length '0'(git-fixes). * KVM: SVM: Allow KVM_SET_NESTED_STATE to clear GIF when SVME==0 (git-fixes). * KVM: SVM: Do not set GIF when clearing EFER.SVME (git-fixes). * KVM: SVM: Flush the current TLB when transitioning from xAVIC => x2AVIC (git-fixes). * KVM: SVM: check validity of VMCB controls when returning from SMM (git- fixes). * KVM: arm64: Discard PC update state on vcpu reset (git-fixes). * KVM: arm64: Guard against NULL vcpu on VHE hyp panic path (git-fixes). * KVM: arm64: PMU: Preserve AArch32 counter low bits (git-fixes). * KVM: arm64: Treat vCPU with pending SError as runnable (git-fixes). * KVM: arm64: Wake-up from WFI when iqrchip is in userspace (git-fixes). * KVM: arm64: vgic-its: Reject restored DTE with out-of-range num_eventid_bits (git-fixes). * KVM: arm64: vgic: Fix IIDR revision field extracted from wrong value (git- fixes). * KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation (git-fixes). * KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode (git-fixes). * KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state (git-fixes). * KVM: x86/mmu: Fix UBSAN warning when reading nx_huge_pages parameter (git- fixes). * PM: sleep: Use complete() in device_pm_sleep_init() (git-fixes). * USB: serial: io_ti: fix heap overflow in build_i2c_fw_hdr() (git-fixes). * USB: serial: io_ti: fix heap overflow in get_manuf_info() (git-fixes). * USB: serial: kl5kusb105: fix bulk-out buffer overflow (git-fixes). * X.509: Fix validation of ASN.1 certificate header (git-fixes). * accel/ivpu: Fix signed integer truncation in IPC receive (git-fixes). * agp/amd64: Fix broken error propagation in agp_amd64_probe() (git-fixes). * batman-adv: bla: annotate lasttime access with READ/WRITE_ONCE (git-fixes). * batman-adv: tp_meter: add only finished tp_vars to lists (git-fixes). * batman-adv: tp_meter: avoid divide-by-zero for dec_cwnd (git-fixes). * batman-adv: tp_meter: avoid window underflow (git-fixes). * batman-adv:tp_meter: fix fast recovery precondition (git-fixes). * batman-adv: tp_meter: handle seqno wrap-around for fast recovery detection (git-fixes). * batman-adv: tp_meter: initialize dec_cwnd explicitly (git-fixes). * batman-adv: tp_meter: initialize dup_acks explicitly (git-fixes). * batman-adv: tp_meter: keep unacked list in ascending ordered (git-fixes). * crypto: af_alg - Cap AEAD AD length to 0x80000000 (git-fixes). * crypto: amlogic - avoid double cleanup in meson_crypto_probe() (git-fixes). * crypto: asymmetric_keys - fix OOB read in pefile_digest_pe_contents (git- fixes). * crypto: atmel-sha204a - fix blocking and non-blocking rng logic (git-fixes). * crypto: cavium/cpt - fix DMA cleanup using wrong loop index (git-fixes). * crypto: ccp - Fix snp_filter_reserved_mem_regions() off-by-one (git-fixes). * crypto: ccp - Treat zero-length cert chain as query for blob lengths (git- fixes). * crypto: drbg - Fix drbg_max_addtl() on 64-bit kernels (git-fixes). * crypto: drbg - Fix returning success on failure in CTR_DRBG (git-fixes). * crypto: drbg - Fix the fips_enabled priority boost (git-fixes). * crypto: ecc - Fix carry overflow in vli multiplication (git-fixes). * crypto: ecrdsa - fix unknown OID check in ecrdsa_param_curve (git-fixes). * crypto: hisilicon/qm - disable error report before flr (git-fixes). * crypto: marvell/octeontx - fix DMA cleanup using wrong loop index (git- fixes). * crypto: pcrypt - restore callback for non-parallel fallback (git-fixes). * crypto: qat - protect service table iterations with service_lock (git- fixes). * crypto: qat - validate RSA CRT component lengths (git-fixes). * crypto: rng - Free default RNG on module exit (git-fixes). * driver core: reject devices with unregistered buses (git-fixes). * driver core: use READ_ONCE() for dev-> driver in dev_has_sync_state() (git- fixes). * drm/amd/display: Add missing kdoc for ALLM parameters (git-fixes). * drm/amd/pm: remove trailing semicolon fromAMDGPU_PM_POLICY_ATTR macro (git- fixes). * drm/amdgpu: fix integer overflow in amdgpu_gem_align_pitch() (git-fixes). * drm/amdgpu: set sub_block_index for mca ras sub-blocks (git-fixes). * drm/amdkfd: Validate CRIU-restored IDs before idr_alloc (git-fixes). * drm/amdkfd: always resume_all after suspend_all (git-fixes). * drm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS() (git-fixes). * drm/dp/mst: fix OOB reads in remote DPCD/I2C sideband reply parsers (git- fixes). * drm/dp/mst: fix OOB reads on 2-byte fields in sideband reply parsers (git- fixes). * drm/dp/mst: fix buffer overflows in sideband chunk accumulation (git-fixes). * drm/gpuvm: Do not prepare NULL objects (git-fixes). * drm/hisilicon/hibmc: move display contrl config to hibmc_probe() (git- fixes). * drm/hisilicon/hibmc: use clock to look up the PLL value (git-fixes). * drm/hyperv: use VMBUS_RING_SIZE() (git-fixes). * drm/i915/gem: Fix phys BO pread/pwrite with offset (git-fixes). * drm/imagination: Count paired job fence as dependency in prepare_job() (git- fixes). * drm/imagination: Fit paired fragment job in the correct CCCB (git-fixes). * drm/msm/dp: Fix the ISR_* enum values (git-fixes). * drm/msm/dp: fix HPD state status bit shift value (git-fixes). * drm/nouveau/bios: specify correct display fuse register for Ampere and Ada (git-fixes). * drm/panthor: Fix kernel-doc warning in panthor_sched.c (git-fixes). * drm/radeon: fix integer overflow in radeon_align_pitch() (git-fixes). * drm/radeon: fix memory leak in radeon_ring_restore() on lock failure (git- fixes). * drm/rockchip: cdn-dp: add missing check in cdn_dp_config_video() (git- fixes). * drm/syncobj: Fix memory leak in drm_syncobj_find_fence() (git-fixes). * drm/tegra: Fix iommu_map_sgtable() return value check (git-fixes). * drm/tegra: dc: Fix device node reference leak in tegra_dc_has_output() (git- fixes). * drm/tidss: Drop extra drm_mode_config_reset() call (git-fixes). * drm/tidss:Fix missing drm_bridge_add() call (git-fixes). * drm/vc4: fix krealloc() memory leak (git-fixes). * drm/virtio: Fix driver removal with disabled KMS (git-fixes). * drm/virtio: fix dma_fence refcount leak on error in virtio_gpu_dma_fence_wait() (git-fixes). * drm/xe: fix refcount leak in xe_range_fence_insert() (git-fixes). * drm: renesas: rzg2l_mipi_dsi: Increase reset deassertion delay (git-fixes). * fbdev: broadsheetfb: fix potential memory leak in broadsheetfb_probe() (git- fixes). * fbdev: hecubafb: fix potential memory leak in hecubafb_probe() (git-fixes). * fbdev: i740fb: fix potential memory leak in i740fb_probe() (git-fixes). * fbdev: metronomefb: fix potential memory leak in metronomefb_probe() (git- fixes). * fbdev: modedb: Fix misaligned fields in the 1920x1080-60 mode (git-fixes). * fbdev: nvidia: fix potential memory leak in nvidiafb_probe() (git-fixes). * fbdev: radeon: fix potential memory leak in radeonfb_pci_register() (git- fixes). * fbdev: s3fb: fix potential memory leak in s3_pci_probe() (git-fixes). * fbdev: sm501fb: Fix buffer errors in OF binding code (git-fixes). * fbdev: sm712: Fix operator precedence in big_swap macro (git-fixes). * fbdev: tdfxfb: fix potential memory leak in tdfxfb_probe() (git-fixes). * fbdev: tridentfb: fix potential memory leak in trident_pci_probe() (git- fixes). * fbdev: uvesafb: fix potential memory leak in uvesafb_probe() (git-fixes). * fbdev: vesafb: fix memory leak in vesafb_probe() (git-fixes). * firmware: arm_scmi: Fix OOB in scmi_power_name_get() (git-fixes). * firmware: arm_scmi: Read sensor config as 32-bit value (git-fixes). * firmware_loader: Fix recursive lock in device_cache_fw_images() (git-fixes). * firmware_loader: fix device reference leak in firmware_upload_register() (git-fixes). * gpio: mvebu: fix NULL pointer dereference in suspend/resume (git-fixes). * gpu: host1x: Allow entries in BO caches to be freed (git-fixes). * gpu: host1x: Fix iommu_map_sgtable() return valuecheck (git-fixes). * hwmon: (it87) Clamp negative values to zero in set_fan() (git-fixes). * hwrng: jh7110 - fix refcount leak in starfive_trng_read() (git-fixes). * hwrng: virtio: clamp device-reported used.len at copy_data() (git-fixes). * i2c: core: fix irq domain leak on adapter registration failure (git-fixes). * i2c: qcom-cci: Fix NULL pointer dereference in cci_remove() (git-fixes). * i2c: stm32f7: fix timing computation ignoring i2c-analog-filter (git-fixes). * i2c: tegra: Fix NOIRQ suspend/resume (git-fixes). * ice: ptp: do not WARN when controlling PF is unavailable (bsc#1267251). * misc: fastrpc: Fix NULL pointer dereference in rpmsg callback (git-fixes). * misc: fastrpc: fix DMA address corruption due to find_vma misuse (git- fixes). * misc: fastrpc: fix use-after-free of fastrpc_user in workqueue context (git- fixes). * misc: fastrpc: fix use-after-free race in fastrpc_map_create (git-fixes). * of: cpu: add check in __of_find_n_match_cpu_property() (git-fixes). * scripts/submit_branch: add SLE15-SP7 submission script * serial: 8250: dispatch SysRq character in serial8250_handle_irq() (git- fixes). * serial: 8250_dw: dispatch SysRq character in dw8250_handle_irq() (git- fixes). * slimbus: qcom-ngd-ctrl: fix OF node refcount (git-fixes). * soc: fsl: qe: panic on ioremap() failure in qe_reset() (git-fixes). * soc: ti: k3-ringacc: Fix access mode for k3_ringacc_ring_pop_tail_io/proxy (git-fixes). * spi: at91-usart: drop dead runtime pm support (git-fixes). * spi: ep93xx: fix double-free of zeropage on DMA setup failure (git-fixes). * spi: fsl-lpspi: replace dmaengine_terminate_all() with dmaengine_terminate_sync() (git-fixes). * spi: fsl-lpspi: terminate the RX channel on TX prepare failure path (git- fixes). * spi: meson-spifc: fix runtime PM leak on remove (git-fixes). * spi: xilinx: use FIFO occupancy register to determine buffer size (git- fixes). * thermal: hwmon: Fix critical temperature attribute removal(git-fixes). * thunderbolt: Bound root directory content to block size (git-fixes). * thunderbolt: Clamp XDomain response data copy to allocation size (git- fixes). * thunderbolt: Limit XDomain response copy to actual frame size (git-fixes). * thunderbolt: Reject zero-length property entries in validator (git-fixes). * thunderbolt: Validate XDomain request packet size before type cast (git- fixes). * watchdog: apple: Add "apple,t8103-wdt" compatible (git-fixes). * watchdog: sp5100_tco: Use EFCH MMIO for newer Hygon FCH (git-fixes). * watchdog: sprd_wdt: Remove redundant sprd_wdt_disable() on register failure (git-fixes). * watchdog: unregister PM notifier on watchdog unregister (git-fixes). * wifi: ath11k: fix warning when unbinding (git-fixes). * wifi: ath9k: fix OOB access from firmware tx status queue ID (git-fixes). * wifi: cfg80211: fix grammar in MLO group key error message (git-fixes). * wifi: mac80211: fix monitor mode frame capture for real chanctx drivers (git-fixes). * wifi: mt76: fix argument to ieee80211_is_first_frag() (git-fixes). * wifi: mt76: mt7915: fix potential tx_retries underflow (git-fixes). * wifi: mt76: mt7921: fix potential tx_retries underflow (git-fixes). * wifi: mt76: mt7925: clean up DMA on probe failure (git-fixes). * wifi: mt76: mt7925: fix potential tx_retries underflow (git-fixes). * wifi: mt76: mt7996: fix potential tx_retries underflow (git-fixes). * wifi: rtlwifi: rtl8821ae: Fix C2H bit location in RX descriptor (git-fixes). * wifi: rtw88: fix OOB read from firmware RX descriptor exceeding DMA buffer (git-fixes). * wifi: rtw88: increase TX report timeout to fix race condition (git-fixes). * wifi: rtw88: usb: fix memory leaks on USB write failures (git-fixes). * wifi: rtw89: Correct data type for scan index to avoid infinite loop (git- fixes). * wifi: wcn36xx: fix OOB read from firmware count in PRINT_REG_INFO indication (git-fixes). * wifi: wcn36xx: fix OOB read from short trigger BA firmwareresponse (git- fixes). * wifi: wcn36xx: fix heap overflow from oversized firmware HAL response (git- fixes). ## Special Instructions and Notes: * Please reboot the system after installing this update. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Basesystem Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2722=1 * Public Cloud Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP7-2026-2722=1 * SUSE Linux Enterprise Workstation Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-WE-15-SP7-2026-2722=1 * Legacy Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Legacy-15-SP7-2026-2722=1 * SUSE Linux Enterprise High Availability Extension 15 SP7 zypper in -t patch SUSE-SLE-Product-HA-15-SP7-2026-2722=1 * Development Tools Module 15-SP7 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP7-2026-2722=1 * SUSE Linux Enterprise Live Patching 15-SP7 zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2722=1 Please note that this is the initial kernel livepatch without fixes itself, this package is later updated by separate standalone kernel livepatch updates. ## Package List: * SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64) * kernel-default-debugsource-6.4.0-150700.53.63.1 * kernel-default-livepatch-6.4.0-150700.53.63.1 * kernel-livepatch-SLE15-SP7_Update_17-debugsource-1-150700.15.3.1 * kernel-default-debuginfo-6.4.0-150700.53.63.1 * kernel-livepatch-6_4_0-150700_53_63-default-1-150700.15.3.1 * kernel-default-livepatch-devel-6.4.0-150700.53.63.1 * kernel-livepatch-6_4_0-150700_53_63-default-debuginfo-1-150700.15.3.1 * SUSE Linux Enterprise Live Patching 15-SP7 (nosrc) * kernel-default-6.4.0-150700.53.63.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (aarch64ppc64le s390x x86_64) * gfs2-kmp-default-6.4.0-150700.53.63.1 * dlm-kmp-default-debuginfo-6.4.0-150700.53.63.1 * kernel-default-debugsource-6.4.0-150700.53.63.1 * ocfs2-kmp-default-debuginfo-6.4.0-150700.53.63.1 * cluster-md-kmp-default-debuginfo-6.4.0-150700.53.63.1 * kernel-default-debuginfo-6.4.0-150700.53.63.1 * ocfs2-kmp-default-6.4.0-150700.53.63.1 * cluster-md-kmp-default-6.4.0-150700.53.63.1 * dlm-kmp-default-6.4.0-150700.53.63.1 * gfs2-kmp-default-debuginfo-6.4.0-150700.53.63.1 * SUSE Linux Enterprise High Availability Extension 15 SP7 (nosrc) * kernel-default-6.4.0-150700.53.63.1 * Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kernel-default-devel-debuginfo-6.4.0-150700.53.63.1 * kernel-default-debugsource-6.4.0-150700.53.63.1 * kernel-default-devel-6.4.0-150700.53.63.1 * kernel-default-debuginfo-6.4.0-150700.53.63.1 * Basesystem Module 15-SP7 (aarch64 ppc64le x86_64) * kernel-default-base-6.4.0-150700.53.63.1.150700.17.37.1 * Basesystem Module 15-SP7 (aarch64 nosrc ppc64le s390x x86_64) * kernel-default-6.4.0-150700.53.63.1 * Basesystem Module 15-SP7 (aarch64 nosrc) * kernel-64kb-6.4.0-150700.53.63.1 * Basesystem Module 15-SP7 (noarch) * kernel-devel-6.4.0-150700.53.63.1 * kernel-macros-6.4.0-150700.53.63.1 * Basesystem Module 15-SP7 (s390x) * kernel-zfcpdump-debuginfo-6.4.0-150700.53.63.1 * kernel-zfcpdump-debugsource-6.4.0-150700.53.63.1 * Basesystem Module 15-SP7 (aarch64) * kernel-64kb-devel-6.4.0-150700.53.63.1 * kernel-64kb-debuginfo-6.4.0-150700.53.63.1 * kernel-64kb-devel-debuginfo-6.4.0-150700.53.63.1 * kernel-64kb-debugsource-6.4.0-150700.53.63.1 * Basesystem Module 15-SP7 (nosrc s390x) * kernel-zfcpdump-6.4.0-150700.53.63.1 * Legacy Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kernel-default-debuginfo-6.4.0-150700.53.63.1 * kernel-default-debugsource-6.4.0-150700.53.63.1 * reiserfs-kmp-default-6.4.0-150700.53.63.1 *reiserfs-kmp-default-debuginfo-6.4.0-150700.53.63.1 * Legacy Module 15-SP7 (nosrc) * kernel-default-6.4.0-150700.53.63.1 * Public Cloud Module 15-SP7 (aarch64 x86_64) * kernel-azure-debugsource-6.4.0-150700.53.63.1 * kernel-azure-devel-6.4.0-150700.53.63.1 * kernel-azure-debuginfo-6.4.0-150700.53.63.1 * kernel-azure-devel-debuginfo-6.4.0-150700.53.63.1 * Public Cloud Module 15-SP7 (aarch64 nosrc x86_64) * kernel-azure-6.4.0-150700.53.63.1 * Development Tools Module 15-SP7 (aarch64 ppc64le s390x x86_64) * kernel-obs-build-6.4.0-150700.53.63.1 * kernel-obs-build-debugsource-6.4.0-150700.53.63.1 * kernel-syms-6.4.0-150700.53.63.1 * Development Tools Module 15-SP7 (noarch nosrc) * kernel-docs-6.4.0-150700.53.63.1 * Development Tools Module 15-SP7 (noarch) * kernel-source-6.4.0-150700.53.63.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (nosrc) * kernel-default-6.4.0-150700.53.63.1 * SUSE Linux Enterprise Workstation Extension 15 SP7 (x86_64) * kernel-default-debugsource-6.4.0-150700.53.63.1 * kernel-default-debuginfo-6.4.0-150700.53.63.1 * kernel-default-extra-debuginfo-6.4.0-150700.53.63.1 * kernel-default-extra-6.4.0-150700.53.63.1 ## References: * https://www.suse.com/security/cve/CVE-2025-10263.html * https://www.suse.com/security/cve/CVE-2025-68822.html * https://www.suse.com/security/cve/CVE-2026-23392.html * https://www.suse.com/security/cve/CVE-2026-31414.html * https://www.suse.com/security/cve/CVE-2026-31429.html * https://www.suse.com/security/cve/CVE-2026-31452.html * https://www.suse.com/security/cve/CVE-2026-31453.html * https://www.suse.com/security/cve/CVE-2026-31469.html * https://www.suse.com/security/cve/CVE-2026-31492.html * https://www.suse.com/security/cve/CVE-2026-31495.html * https://www.suse.com/security/cve/CVE-2026-31499.html * https://www.suse.com/security/cve/CVE-2026-31500.html * https://www.suse.com/security/cve/CVE-2026-31555.html *https://www.suse.com/security/cve/CVE-2026-31560.html * https://www.suse.com/security/cve/CVE-2026-31592.html * https://www.suse.com/security/cve/CVE-2026-31593.html * https://www.suse.com/security/cve/CVE-2026-31664.html * https://www.suse.com/security/cve/CVE-2026-31665.html * https://www.suse.com/security/cve/CVE-2026-31674.html * https://www.suse.com/security/cve/CVE-2026-31680.html * https://www.suse.com/security/cve/CVE-2026-31693.html * https://www.suse.com/security/cve/CVE-2026-31752.html * https://www.suse.com/security/cve/CVE-2026-31759.html * https://www.suse.com/security/cve/CVE-2026-43023.html * https://www.suse.com/security/cve/CVE-2026-43024.html * https://www.suse.com/security/cve/CVE-2026-43028.html * https://www.suse.com/security/cve/CVE-2026-43035.html * https://www.suse.com/security/cve/CVE-2026-43036.html * https://www.suse.com/security/cve/CVE-2026-43049.html * https://www.suse.com/security/cve/CVE-2026-43077.html * https://www.suse.com/security/cve/CVE-2026-43083.html * https://www.suse.com/security/cve/CVE-2026-43101.html * https://www.suse.com/security/cve/CVE-2026-43112.html * https://www.suse.com/security/cve/CVE-2026-43119.html * https://www.suse.com/security/cve/CVE-2026-43158.html * https://www.suse.com/security/cve/CVE-2026-43171.html * https://www.suse.com/security/cve/CVE-2026-43187.html * https://www.suse.com/security/cve/CVE-2026-43198.html * https://www.suse.com/security/cve/CVE-2026-43239.html * https://www.suse.com/security/cve/CVE-2026-43339.html * https://www.suse.com/security/cve/CVE-2026-43345.html * https://www.suse.com/security/cve/CVE-2026-43405.html * https://www.suse.com/security/cve/CVE-2026-43469.html * https://www.suse.com/security/cve/CVE-2026-43491.html * https://www.suse.com/security/cve/CVE-2026-45840.html * https://www.suse.com/security/cve/CVE-2026-45841.html * https://www.suse.com/security/cve/CVE-2026-45862.html * https://www.suse.com/security/cve/CVE-2026-45870.html *https://www.suse.com/security/cve/CVE-2026-45894.html * https://www.suse.com/security/cve/CVE-2026-45940.html * https://www.suse.com/security/cve/CVE-2026-45961.html * https://www.suse.com/security/cve/CVE-2026-45964.html * https://www.suse.com/security/cve/CVE-2026-45965.html * https://www.suse.com/security/cve/CVE-2026-45974.html * https://www.suse.com/security/cve/CVE-2026-46005.html * https://www.suse.com/security/cve/CVE-2026-46037.html * https://www.suse.com/security/cve/CVE-2026-46101.html * https://www.suse.com/security/cve/CVE-2026-46119.html * https://www.suse.com/security/cve/CVE-2026-46123.html * https://www.suse.com/security/cve/CVE-2026-46150.html * https://www.suse.com/security/cve/CVE-2026-46160.html * https://www.suse.com/security/cve/CVE-2026-46162.html * https://www.suse.com/security/cve/CVE-2026-46172.html * https://www.suse.com/security/cve/CVE-2026-46244.html * https://www.suse.com/security/cve/CVE-2026-46259.html * https://www.suse.com/security/cve/CVE-2026-46273.html * https://bugzilla.suse.com/show_bug.cgi?id=1256668 * https://bugzilla.suse.com/show_bug.cgi?id=1260531 * https://bugzilla.suse.com/show_bug.cgi?id=1262085 * https://bugzilla.suse.com/show_bug.cgi?id=1262392 * https://bugzilla.suse.com/show_bug.cgi?id=1262617 * https://bugzilla.suse.com/show_bug.cgi?id=1262620 * https://bugzilla.suse.com/show_bug.cgi?id=1262674 * https://bugzilla.suse.com/show_bug.cgi?id=1262748 * https://bugzilla.suse.com/show_bug.cgi?id=1262798 * https://bugzilla.suse.com/show_bug.cgi?id=1262993 * https://bugzilla.suse.com/show_bug.cgi?id=1263057 * https://bugzilla.suse.com/show_bug.cgi?id=1263123 * https://bugzilla.suse.com/show_bug.cgi?id=1263124 * https://bugzilla.suse.com/show_bug.cgi?id=1263137 * https://bugzilla.suse.com/show_bug.cgi?id=1263178 * https://bugzilla.suse.com/show_bug.cgi?id=1263563 * https://bugzilla.suse.com/show_bug.cgi?id=1263568 * https://bugzilla.suse.com/show_bug.cgi?id=1263578 *https://bugzilla.suse.com/show_bug.cgi?id=1263930 * https://bugzilla.suse.com/show_bug.cgi?id=1263934 * https://bugzilla.suse.com/show_bug.cgi?id=1263993 * https://bugzilla.suse.com/show_bug.cgi?id=1263996 * https://bugzilla.suse.com/show_bug.cgi?id=1264045 * https://bugzilla.suse.com/show_bug.cgi?id=1264076 * https://bugzilla.suse.com/show_bug.cgi?id=1264080 * https://bugzilla.suse.com/show_bug.cgi?id=1264137 * https://bugzilla.suse.com/show_bug.cgi?id=1264239 * https://bugzilla.suse.com/show_bug.cgi?id=1264266 * https://bugzilla.suse.com/show_bug.cgi?id=1264437 * https://bugzilla.suse.com/show_bug.cgi?id=1264444 * https://bugzilla.suse.com/show_bug.cgi?id=1264470 * https://bugzilla.suse.com/show_bug.cgi?id=1264549 * https://bugzilla.suse.com/show_bug.cgi?id=1264561 * https://bugzilla.suse.com/show_bug.cgi?id=1264595 * https://bugzilla.suse.com/show_bug.cgi?id=1264603 * https://bugzilla.suse.com/show_bug.cgi?id=1264610 * https://bugzilla.suse.com/show_bug.cgi?id=1264741 * https://bugzilla.suse.com/show_bug.cgi?id=1264763 * https://bugzilla.suse.com/show_bug.cgi?id=1265103 * https://bugzilla.suse.com/show_bug.cgi?id=1265143 * https://bugzilla.suse.com/show_bug.cgi?id=1265628 * https://bugzilla.suse.com/show_bug.cgi?id=1266290 * https://bugzilla.suse.com/show_bug.cgi?id=1266390 * https://bugzilla.suse.com/show_bug.cgi?id=1266397 * https://bugzilla.suse.com/show_bug.cgi?id=1266698 * https://bugzilla.suse.com/show_bug.cgi?id=1266704 * https://bugzilla.suse.com/show_bug.cgi?id=1266705 * https://bugzilla.suse.com/show_bug.cgi?id=1266840 * https://bugzilla.suse.com/show_bug.cgi?id=1266878 * https://bugzilla.suse.com/show_bug.cgi?id=1266895 * https://bugzilla.suse.com/show_bug.cgi?id=1266903 * https://bugzilla.suse.com/show_bug.cgi?id=1266916 * https://bugzilla.suse.com/show_bug.cgi?id=1266922 * https://bugzilla.suse.com/show_bug.cgi?id=1266933 * https://bugzilla.suse.com/show_bug.cgi?id=1267208 *https://bugzilla.suse.com/show_bug.cgi?id=1267251 * https://bugzilla.suse.com/show_bug.cgi?id=1267361 * https://bugzilla.suse.com/show_bug.cgi?id=1267387 * https://bugzilla.suse.com/show_bug.cgi?id=1267431 * https://bugzilla.suse.com/show_bug.cgi?id=1267621 * https://bugzilla.suse.com/show_bug.cgi?id=1267624 * https://bugzilla.suse.com/show_bug.cgi?id=1267628 * https://bugzilla.suse.com/show_bug.cgi?id=1267651 * https://bugzilla.suse.com/show_bug.cgi?id=1267654 * https://bugzilla.suse.com/show_bug.cgi?id=1267685 * https://bugzilla.suse.com/show_bug.cgi?id=1267744 . A security update for SUSE Kernel addresses 66 vulnerabilities, boosting system security and performance. Install now!. SUSE Kernel Update Important Security Bugfix SUSE Enterprise. . LinuxSecurity.com Team
An update that solves seven vulnerabilities and has one fix can now be installed.. # Security update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22383-1 Release Date: 2026-06-25T11:19:45Z Rating: important References: * bsc#1260907 * bsc#1261640 * bsc#1263088 * bsc#1263108 * bsc#1263902 * bsc#1266229 * bsc#1267625 * bsc#1268282 Cross-References: * CVE-2026-23278 * CVE-2026-31402 * CVE-2026-31504 * CVE-2026-31554 * CVE-2026-31694 * CVE-2026-43503 * CVE-2026-46323 CVSS scores: * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves seven vulnerabilities and has one fix can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.5.1 fixes various security issues The following security issues were fixed: * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907). * CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640). * CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088). * CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108). * CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902). * CVE-2026-43503: final dirty.frag related fixes (bsc#1266229). * CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282). * net/sched: fix pedit partial COW leading to page cache (bsc#1267625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1068=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1068=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64les390x x86_64) * kernel-livepatch-6_12_0-160000_5-default-debuginfo-14-160000.4.3 * kernel-livepatch-SLE16_Update_0-debugsource-14-160000.4.3 * kernel-livepatch-6_12_0-160000_5-default-14-160000.4.3 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_0-debugsource-14-160000.4.3 * kernel-livepatch-6_12_0-160000_5-default-14-160000.4.3 * kernel-livepatch-6_12_0-160000_5-default-debuginfo-14-160000.4.3 ## References: * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-31402.html * https://www.suse.com/security/cve/CVE-2026-31504.html * https://www.suse.com/security/cve/CVE-2026-31554.html * https://www.suse.com/security/cve/CVE-2026-31694.html * https://www.suse.com/security/cve/CVE-2026-43503.html * https://www.suse.com/security/cve/CVE-2026-46323.html * https://bugzilla.suse.com/show_bug.cgi?id=1260907 * https://bugzilla.suse.com/show_bug.cgi?id=1261640 * https://bugzilla.suse.com/show_bug.cgi?id=1263088 * https://bugzilla.suse.com/show_bug.cgi?id=1263108 * https://bugzilla.suse.com/show_bug.cgi?id=1263902 * https://bugzilla.suse.com/show_bug.cgi?id=1266229 * https://bugzilla.suse.com/show_bug.cgi?id=1267625 * https://bugzilla.suse.com/show_bug.cgi?id=1268282 . A significant update for SUSE Linux Enterprise 16 kernel addresses multiple important security issues and one fix.. SUSE security update kernel important vulnerabilities. . LinuxSecurity.com Team
An update that solves seven vulnerabilities and has one fix can now be installed.. # Security update for the Linux Kernel (Live Patch 1 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22384-1 Release Date: 2026-06-25T11:19:45Z Rating: important References: * bsc#1260907 * bsc#1261640 * bsc#1263088 * bsc#1263108 * bsc#1263902 * bsc#1266229 * bsc#1267625 * bsc#1268282 Cross-References: * CVE-2026-23278 * CVE-2026-31402 * CVE-2026-31504 * CVE-2026-31554 * CVE-2026-31694 * CVE-2026-43503 * CVE-2026-46323 CVSS scores: * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves seven vulnerabilities and has one fix can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.6.1 fixes various security issues The following security issues were fixed: * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907). * CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640). * CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088). * CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108). * CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902). * CVE-2026-43503: final dirty.frag related fixes (bsc#1266229). * CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282). * net/sched: fix pedit partial COW leading to page cache (bsc#1267625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1069=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1069=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64les390x x86_64) * kernel-livepatch-6_12_0-160000_6-default-debuginfo-12-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-12-160000.1.1 * kernel-livepatch-SLE16_Update_1-debugsource-12-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-6_12_0-160000_6-default-debuginfo-12-160000.1.1 * kernel-livepatch-6_12_0-160000_6-default-12-160000.1.1 * kernel-livepatch-SLE16_Update_1-debugsource-12-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-31402.html * https://www.suse.com/security/cve/CVE-2026-31504.html * https://www.suse.com/security/cve/CVE-2026-31554.html * https://www.suse.com/security/cve/CVE-2026-31694.html * https://www.suse.com/security/cve/CVE-2026-43503.html * https://www.suse.com/security/cve/CVE-2026-46323.html * https://bugzilla.suse.com/show_bug.cgi?id=1260907 * https://bugzilla.suse.com/show_bug.cgi?id=1261640 * https://bugzilla.suse.com/show_bug.cgi?id=1263088 * https://bugzilla.suse.com/show_bug.cgi?id=1263108 * https://bugzilla.suse.com/show_bug.cgi?id=1263902 * https://bugzilla.suse.com/show_bug.cgi?id=1266229 * https://bugzilla.suse.com/show_bug.cgi?id=1267625 * https://bugzilla.suse.com/show_bug.cgi?id=1268282 . Important update for SUSE Linux Kernel fixes seven issues, including a critical heap overflow vulnerability for better security.. SUSE Linux Kernel Security Update, Heap Overflow Fix, SUSE Linux Enterprise Security. . LinuxSecurity.com Team
An update that solves seven vulnerabilities and has one fix can now be installed.. # Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22385-1 Release Date: 2026-06-25T11:19:45Z Rating: important References: * bsc#1260907 * bsc#1261640 * bsc#1263088 * bsc#1263108 * bsc#1263902 * bsc#1266229 * bsc#1267625 * bsc#1268282 Cross-References: * CVE-2026-23278 * CVE-2026-31402 * CVE-2026-31504 * CVE-2026-31554 * CVE-2026-31694 * CVE-2026-43503 * CVE-2026-46323 CVSS scores: * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves seven vulnerabilities and has one fix can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907). * CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640). * CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088). * CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108). * CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902). * CVE-2026-43503: final dirty.frag related fixes (bsc#1266229). * CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282). * net/sched: fix pedit partial COW leading to page cache (bsc#1267625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1070=1 * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1070=1 ## Package List: * SUSE Linux Enterprise Server for SAPapplications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_2-debugsource-10-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-debuginfo-10-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-10-160000.1.1 * SUSE Linux Enterprise Server 16.0 (ppc64le s390x x86_64) * kernel-livepatch-6_12_0-160000_7-default-10-160000.1.1 * kernel-livepatch-SLE16_Update_2-debugsource-10-160000.1.1 * kernel-livepatch-6_12_0-160000_7-default-debuginfo-10-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-31402.html * https://www.suse.com/security/cve/CVE-2026-31504.html * https://www.suse.com/security/cve/CVE-2026-31554.html * https://www.suse.com/security/cve/CVE-2026-31694.html * https://www.suse.com/security/cve/CVE-2026-43503.html * https://www.suse.com/security/cve/CVE-2026-46323.html * https://bugzilla.suse.com/show_bug.cgi?id=1260907 * https://bugzilla.suse.com/show_bug.cgi?id=1261640 * https://bugzilla.suse.com/show_bug.cgi?id=1263088 * https://bugzilla.suse.com/show_bug.cgi?id=1263108 * https://bugzilla.suse.com/show_bug.cgi?id=1263902 * https://bugzilla.suse.com/show_bug.cgi?id=1266229 * https://bugzilla.suse.com/show_bug.cgi?id=1267625 * https://bugzilla.suse.com/show_bug.cgi?id=1268282 . This SUSE update addresses multiple important security issues in the kernel, providing essential patches and fixes.. SUSE kernel update, important kernel security, recent security fixes, SUSE vulnerabilities management. . LinuxSecurity.com Team
An update that solves seven vulnerabilities and has one fix can now be installed.. # Security update for the Linux Kernel (Live Patch 4 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22386-1 Release Date: 2026-06-25T11:19:45Z Rating: important References: * bsc#1260907 * bsc#1261640 * bsc#1263088 * bsc#1263108 * bsc#1263902 * bsc#1266229 * bsc#1267625 * bsc#1268282 Cross-References: * CVE-2026-23278 * CVE-2026-31402 * CVE-2026-31504 * CVE-2026-31554 * CVE-2026-31694 * CVE-2026-43503 * CVE-2026-46323 CVSS scores: * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves seven vulnerabilities and has one fix can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.9.1 fixes various security issues The following security issues were fixed: * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907). * CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640). * CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088). * CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108). * CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902). * CVE-2026-43503: final dirty.frag related fixes (bsc#1266229). * CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282). * net/sched: fix pedit partial COW leading to page cache (bsc#1267625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1071=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1071=1 ## Package List: * SUSE Linux Enterprise Server 16.0 (ppc64les390x x86_64) * kernel-livepatch-6_12_0-160000_9-default-debuginfo-8-160000.1.1 * kernel-livepatch-SLE16_Update_4-debugsource-8-160000.1.1 * kernel-livepatch-6_12_0-160000_9-default-8-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-6_12_0-160000_9-default-debuginfo-8-160000.1.1 * kernel-livepatch-SLE16_Update_4-debugsource-8-160000.1.1 * kernel-livepatch-6_12_0-160000_9-default-8-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-31402.html * https://www.suse.com/security/cve/CVE-2026-31504.html * https://www.suse.com/security/cve/CVE-2026-31554.html * https://www.suse.com/security/cve/CVE-2026-31694.html * https://www.suse.com/security/cve/CVE-2026-43503.html * https://www.suse.com/security/cve/CVE-2026-46323.html * https://bugzilla.suse.com/show_bug.cgi?id=1260907 * https://bugzilla.suse.com/show_bug.cgi?id=1261640 * https://bugzilla.suse.com/show_bug.cgi?id=1263088 * https://bugzilla.suse.com/show_bug.cgi?id=1263108 * https://bugzilla.suse.com/show_bug.cgi?id=1263902 * https://bugzilla.suse.com/show_bug.cgi?id=1266229 * https://bugzilla.suse.com/show_bug.cgi?id=1267625 * https://bugzilla.suse.com/show_bug.cgi?id=1268282 . This advisory details an important security update for SUSE Linux Kernel addressing seven vulnerabilities with fixes.. SUSE Linux security, Kernel fix, System vulnerabilities, Important updates. . LinuxSecurity.com Team
An update that solves seven vulnerabilities and has one fix can now be installed.. # Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 16) Announcement ID: SUSE-SU-2026:22387-1 Release Date: 2026-06-25T11:19:45Z Rating: important References: * bsc#1260907 * bsc#1261640 * bsc#1263088 * bsc#1263108 * bsc#1263902 * bsc#1266229 * bsc#1267625 * bsc#1268282 Cross-References: * CVE-2026-23278 * CVE-2026-31402 * CVE-2026-31504 * CVE-2026-31554 * CVE-2026-31694 * CVE-2026-43503 * CVE-2026-46323 CVSS scores: * CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N * CVE-2026-31402 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H * CVE-2026-31402 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31402 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31504 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31504 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31554 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31554 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-31694 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-31694 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-43503 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-43503 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H * CVE-2026-43503 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2026-46323 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Enterprise Server 16.0 * SUSE Linux Enterprise Server for SAP applications 16.0 An update that solves seven vulnerabilities and has one fix can now be installed. ## Description: This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues The following security issues were fixed: * CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907). * CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640). * CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088). * CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108). * CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902). * CVE-2026-43503: final dirty.frag related fixes (bsc#1266229). * CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282). * net/sched: fix pedit partial COW leading to page cache (bsc#1267625). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 16.0 zypper in -t patch SUSE-SLES-16.0-1072=1 * SUSE Linux Enterprise Server for SAP applications 16.0 zypper in -t patch SUSE-SLES-16.0-1072=1 ## Package List: * SUSE Linux Enterprise Server 16.0(ppc64le s390x x86_64) * kernel-livepatch-SLE16_Update_6-debugsource-6-160000.1.1 * kernel-livepatch-6_12_0-160000_27-default-6-160000.1.1 * kernel-livepatch-6_12_0-160000_27-default-debuginfo-6-160000.1.1 * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64) * kernel-livepatch-SLE16_Update_6-debugsource-6-160000.1.1 * kernel-livepatch-6_12_0-160000_27-default-6-160000.1.1 * kernel-livepatch-6_12_0-160000_27-default-debuginfo-6-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2026-23278.html * https://www.suse.com/security/cve/CVE-2026-31402.html * https://www.suse.com/security/cve/CVE-2026-31504.html * https://www.suse.com/security/cve/CVE-2026-31554.html * https://www.suse.com/security/cve/CVE-2026-31694.html * https://www.suse.com/security/cve/CVE-2026-43503.html * https://www.suse.com/security/cve/CVE-2026-46323.html * https://bugzilla.suse.com/show_bug.cgi?id=1260907 * https://bugzilla.suse.com/show_bug.cgi?id=1261640 * https://bugzilla.suse.com/show_bug.cgi?id=1263088 * https://bugzilla.suse.com/show_bug.cgi?id=1263108 * https://bugzilla.suse.com/show_bug.cgi?id=1263902 * https://bugzilla.suse.com/show_bug.cgi?id=1266229 * https://bugzilla.suse.com/show_bug.cgi?id=1267625 * https://bugzilla.suse.com/show_bug.cgi?id=1268282 . Critical kernel update for SUSE solves seven security issues, including important heap overflow fix. Upgrade now.. SUSE Linux update, Kernel patch, SUSE security, Important security fix, Live Patch 6. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.