SUSE-SU-2026:20667-1

Advisory lineage Upstream: 129 Downstream: 0
Published: 11 Mar 2026, 15:14
Last modified: 23 Mar 2026, 04:53

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

11 Mar 2026, 15:14: Published (vulnerability first disclosed)
23 Mar 2026, 04:53: Last Modified (vulnerability information updated)

Description

Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET (bsc#1249587).
- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
- CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379).
- CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
- CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
- CVE-2025-68736: landlock: Fix handling of disconnected directories (bsc#1255698).
- CVE-2025-68778: btrfs: don't log conflicting inode if it's a dir moved in the current transaction (bsc#1256683).
- CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
- CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
- CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
- CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
- CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716).
- CVE-2025-71126: mptcp: reset fallback status gracefully at disconnect() time (bsc#1256755).
- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
- CVE-2025-71184: btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635).
- CVE-2025-71194: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (bsc#1257687).
- CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
- CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
- CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
- CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
- CVE-2026-23003: geneve: Fix incorrect inner network header offset when innerprotoinherit is set (bsc#1257246).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
- CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
- CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
- CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23083: fou: Don't allow 0 for FOU_ATTR_IPPROTO (bsc#1257745).
- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
- CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
- CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
- CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
- CVE-2026-23102: arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772).
- CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
- CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
- CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
- CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
- CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
- CVE-2026-23113: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (bsc#1258278).
- CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
- CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
- CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
- CVE-2026-23171: net: bonding: update the slave array for broadcast mode (bsc#1258349).
- CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
- CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
- CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23213: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (bsc#1258465).
- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).

The following non security issues were fixed:

- ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- Update upstreamed net and powerpc patch references and sorting
- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
- clocksource: Print durations for sync check unconditionally (bsc#1241345).
- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345).
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
- shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564).
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)

Affected Systems

  • susekernel-default-base&distro=SUSE Linux Micro 6.1

    < 6.4.0-40.1.21.17

  • susekernel-default&distro=SUSE Linux Micro 6.1

    < 6.4.0-40.1

  • susekernel-kvmsmall&distro=SUSE Linux Micro 6.1

    < 6.4.0-40.1

  • susekernel-source&distro=SUSE Linux Micro 6.1

    < 6.4.0-40.1

References (270)