OPENSUSE-SU-2026:20572-1
Vulnerability Summary
Description
Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
- CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
- CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
- CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
- CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
- CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
- CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
- CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
- CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
- CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
- KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
- Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
- Update config files (bsc#1254307).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
- bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
- btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
- drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
- drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
- firmware: microchip: fail auto-update probe if no flash found (git-fixes).
- kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
- nvme: expose active quirks in sysfs (bsc#1243208).
- nvme: fix memory leak in quirks_param_set() (bsc#1243208).
- powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
- powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
- s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
- scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
- scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
- scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
- scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
- scsi: fnic: Add stats and related functionality (jsc#PED-15441).
- scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
- scsi: fnic: Code cleanup (jsc#PED-15441).
- scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
- scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
- scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
- scsi: fnic: Increment driver version (jsc#PED-15441).
- scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
- scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
- scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
- scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
- scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
- scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
- scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
- scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
- scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
- scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
- scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
- scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
- scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
- scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
- scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
- scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
- scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
- scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
- scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
- selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
- tg3: Fix race for querying speed/duplex (bsc#1257183).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
Affected Systems
- opensuse•dtb-aarch64&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-64kb&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-azure&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-default-base&distro=openSUSE Leap 16.0: < 6.12.0-160000.27.1.160000.2.8
- opensuse•kernel-default&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-docs&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-kvmsmall&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-obs-build&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-obs-qa&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-rt&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-source&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-syms&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
- opensuse•kernel-zfcpdump&distro=openSUSE Leap 16.0: < 6.12.0-160000.28.1
References (121)
- https://bugzilla.suse.com/1191256
- https://bugzilla.suse.com/1191270
- https://bugzilla.suse.com/1194778
- https://bugzilla.suse.com/1207184
- https://bugzilla.suse.com/1217845
- https://bugzilla.suse.com/1222768
- https://bugzilla.suse.com/1243208
- https://bugzilla.suse.com/1252073
- https://bugzilla.suse.com/1253129
- https://bugzilla.suse.com/1254214
- https://bugzilla.suse.com/1254306
- https://bugzilla.suse.com/1254307
- https://bugzilla.suse.com/1255084
- https://bugzilla.suse.com/1255687
- https://bugzilla.suse.com/1256647
- https://bugzilla.suse.com/1257183
- https://bugzilla.suse.com/1257511
- https://bugzilla.suse.com/1257708
- https://bugzilla.suse.com/1257773
- https://bugzilla.suse.com/1257777
- https://bugzilla.suse.com/1258175
- https://bugzilla.suse.com/1258280
- https://bugzilla.suse.com/1258293
- https://bugzilla.suse.com/1258301
- https://bugzilla.suse.com/1258305
- https://bugzilla.suse.com/1258330
- https://bugzilla.suse.com/1258337
- https://bugzilla.suse.com/1258340
- https://bugzilla.suse.com/1258414
- https://bugzilla.suse.com/1258447
- https://bugzilla.suse.com/1258476
- https://bugzilla.suse.com/1258849
- https://bugzilla.suse.com/1259188
- https://bugzilla.suse.com/1259461
- https://bugzilla.suse.com/1259484
- https://bugzilla.suse.com/1259485
- https://bugzilla.suse.com/1259580
- https://bugzilla.suse.com/1259707
- https://bugzilla.suse.com/1259759
- https://bugzilla.suse.com/1259795
- https://bugzilla.suse.com/1259797
- https://bugzilla.suse.com/1259870
- https://bugzilla.suse.com/1259886
- https://bugzilla.suse.com/1259891
- https://bugzilla.suse.com/1259955
- https://bugzilla.suse.com/1259997
- https://bugzilla.suse.com/1259998
- https://bugzilla.suse.com/1260005
- https://bugzilla.suse.com/1260009
- https://bugzilla.suse.com/1260347
- https://bugzilla.suse.com/1260459
- https://bugzilla.suse.com/1260464
- https://bugzilla.suse.com/1260471
- https://bugzilla.suse.com/1260481
- https://bugzilla.suse.com/1260486
- https://bugzilla.suse.com/1260490
- https://bugzilla.suse.com/1260497
- https://bugzilla.suse.com/1260500
- https://bugzilla.suse.com/1260522
- https://bugzilla.suse.com/1260527
- https://bugzilla.suse.com/1260544
- https://bugzilla.suse.com/1260550
- https://bugzilla.suse.com/1260606
- https://bugzilla.suse.com/1260730
- https://bugzilla.suse.com/1260732
- https://bugzilla.suse.com/1260735
- https://bugzilla.suse.com/1260799
- https://bugzilla.suse.com/1261496
- https://bugzilla.suse.com/1261498
- https://bugzilla.suse.com/1261506
- https://bugzilla.suse.com/1261507
- https://bugzilla.suse.com/1261669
- https://www.suse.com/security/cve/CVE-2025-39998
- https://www.suse.com/security/cve/CVE-2025-40253
- https://www.suse.com/security/cve/CVE-2025-68794
- https://www.suse.com/security/cve/CVE-2025-71239
- https://www.suse.com/security/cve/CVE-2026-23072
- https://www.suse.com/security/cve/CVE-2026-23103
- https://www.suse.com/security/cve/CVE-2026-23120
- https://www.suse.com/security/cve/CVE-2026-23125
- https://www.suse.com/security/cve/CVE-2026-23138
- https://www.suse.com/security/cve/CVE-2026-23140
- https://www.suse.com/security/cve/CVE-2026-23187
- https://www.suse.com/security/cve/CVE-2026-23193
- https://www.suse.com/security/cve/CVE-2026-23201
- https://www.suse.com/security/cve/CVE-2026-23204
- https://www.suse.com/security/cve/CVE-2026-23215
- https://www.suse.com/security/cve/CVE-2026-23216
- https://www.suse.com/security/cve/CVE-2026-23231
- https://www.suse.com/security/cve/CVE-2026-23239
- https://www.suse.com/security/cve/CVE-2026-23240
- https://www.suse.com/security/cve/CVE-2026-23242
- https://www.suse.com/security/cve/CVE-2026-23243
- https://www.suse.com/security/cve/CVE-2026-23255
- https://www.suse.com/security/cve/CVE-2026-23262
- https://www.suse.com/security/cve/CVE-2026-23270
- https://www.suse.com/security/cve/CVE-2026-23272
- https://www.suse.com/security/cve/CVE-2026-23274
- https://www.suse.com/security/cve/CVE-2026-23277
- https://www.suse.com/security/cve/CVE-2026-23278
- https://www.suse.com/security/cve/CVE-2026-23281
- https://www.suse.com/security/cve/CVE-2026-23292
- https://www.suse.com/security/cve/CVE-2026-23293
- https://www.suse.com/security/cve/CVE-2026-23297
- https://www.suse.com/security/cve/CVE-2026-23304
- https://www.suse.com/security/cve/CVE-2026-23319
- https://www.suse.com/security/cve/CVE-2026-23326
- https://www.suse.com/security/cve/CVE-2026-23335
- https://www.suse.com/security/cve/CVE-2026-23343
- https://www.suse.com/security/cve/CVE-2026-23361
- https://www.suse.com/security/cve/CVE-2026-23379
- https://www.suse.com/security/cve/CVE-2026-23381
- https://www.suse.com/security/cve/CVE-2026-23383
- https://www.suse.com/security/cve/CVE-2026-23386
- https://www.suse.com/security/cve/CVE-2026-23393
- https://www.suse.com/security/cve/CVE-2026-23398
- https://www.suse.com/security/cve/CVE-2026-23413
- https://www.suse.com/security/cve/CVE-2026-23414
- https://www.suse.com/security/cve/CVE-2026-23419
- https://www.suse.com/security/cve/CVE-2026-23425
- https://www.suse.com/security/cve/CVE-2026-31788