SUSE-SU-2026:1131-1

Advisory lineage Upstream: 44 Downstream: 0
Published: 27 Mar 2026, 16:02
Last modified: 31 Mar 2026, 17:24

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

27 Mar 2026, 16:02: Published (vulnerability first disclosed)
31 Mar 2026, 17:24: Last Modified (vulnerability information updated)

Description

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).

The following non security issues were fixed:

- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).

Affected Systems

  • susekernel-rt&distro=SUSE Linux Enterprise Micro 5.3

    < 5.14.21-150400.15.145.1

  • susekernel-rt&distro=SUSE Linux Enterprise Micro 5.4

    < 5.14.21-150400.15.145.1

  • susekernel-source-rt&distro=SUSE Linux Enterprise Micro 5.3

    < 5.14.21-150400.15.145.1

  • susekernel-source-rt&distro=SUSE Linux Enterprise Micro 5.4

    < 5.14.21-150400.15.145.1

References (96)