Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-23094 (GCVE-0-2026-23094)
Vulnerability from cvelistv5 – Published: 2026-02-04 16:08 – Updated: 2026-02-09 08:38
VLAI?
EPSS
Title
uacce: fix isolate sysfs check condition
Summary
In the Linux kernel, the following vulnerability has been resolved:
uacce: fix isolate sysfs check condition
uacce supports the device isolation feature. If the driver
implements the isolate_err_threshold_read and
isolate_err_threshold_write callback functions, uacce will create
sysfs files now. Users can read and configure the isolation policy
through sysfs. Currently, sysfs files are created as long as either
isolate_err_threshold_read or isolate_err_threshold_write callback
functions are present.
However, accessing a non-existent callback function may cause the
system to crash. Therefore, intercept the creation of sysfs if
neither read nor write exists; create sysfs if either is supported,
but intercept unsupported operations at the call site.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
e3e289fbc0b520cf469469e8cdba84a50424eb65 , < 9ab05cdcac354b1b1139918f49c6418b9005d042
(git)
Affected: e3e289fbc0b520cf469469e8cdba84a50424eb65 , < fdbbb47d15ae17bf39fafec7e2028c1f8efba15e (git) Affected: e3e289fbc0b520cf469469e8cdba84a50424eb65 , < 82821a681d5dcce31475a65190fc39ea8f372cc0 (git) Affected: e3e289fbc0b520cf469469e8cdba84a50424eb65 , < 98eec349259b1fd876f350b1c600403bcef8f85d (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/misc/uacce/uacce.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9ab05cdcac354b1b1139918f49c6418b9005d042",
"status": "affected",
"version": "e3e289fbc0b520cf469469e8cdba84a50424eb65",
"versionType": "git"
},
{
"lessThan": "fdbbb47d15ae17bf39fafec7e2028c1f8efba15e",
"status": "affected",
"version": "e3e289fbc0b520cf469469e8cdba84a50424eb65",
"versionType": "git"
},
{
"lessThan": "82821a681d5dcce31475a65190fc39ea8f372cc0",
"status": "affected",
"version": "e3e289fbc0b520cf469469e8cdba84a50424eb65",
"versionType": "git"
},
{
"lessThan": "98eec349259b1fd876f350b1c600403bcef8f85d",
"status": "affected",
"version": "e3e289fbc0b520cf469469e8cdba84a50424eb65",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/misc/uacce/uacce.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.122",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.68",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: fix isolate sysfs check condition\n\nuacce supports the device isolation feature. If the driver\nimplements the isolate_err_threshold_read and\nisolate_err_threshold_write callback functions, uacce will create\nsysfs files now. Users can read and configure the isolation policy\nthrough sysfs. Currently, sysfs files are created as long as either\nisolate_err_threshold_read or isolate_err_threshold_write callback\nfunctions are present.\n\nHowever, accessing a non-existent callback function may cause the\nsystem to crash. Therefore, intercept the creation of sysfs if\nneither read nor write exists; create sysfs if either is supported,\nbut intercept unsupported operations at the call site."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T08:38:34.500Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9ab05cdcac354b1b1139918f49c6418b9005d042"
},
{
"url": "https://git.kernel.org/stable/c/fdbbb47d15ae17bf39fafec7e2028c1f8efba15e"
},
{
"url": "https://git.kernel.org/stable/c/82821a681d5dcce31475a65190fc39ea8f372cc0"
},
{
"url": "https://git.kernel.org/stable/c/98eec349259b1fd876f350b1c600403bcef8f85d"
}
],
"title": "uacce: fix isolate sysfs check condition",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23094",
"datePublished": "2026-02-04T16:08:17.061Z",
"dateReserved": "2026-01-13T15:37:45.963Z",
"dateUpdated": "2026-02-09T08:38:34.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23094\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-02-04T17:16:20.273\",\"lastModified\":\"2026-03-17T21:09:04.757\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nuacce: fix isolate sysfs check condition\\n\\nuacce supports the device isolation feature. If the driver\\nimplements the isolate_err_threshold_read and\\nisolate_err_threshold_write callback functions, uacce will create\\nsysfs files now. Users can read and configure the isolation policy\\nthrough sysfs. Currently, sysfs files are created as long as either\\nisolate_err_threshold_read or isolate_err_threshold_write callback\\nfunctions are present.\\n\\nHowever, accessing a non-existent callback function may cause the\\nsystem to crash. Therefore, intercept the creation of sysfs if\\nneither read nor write exists; create sysfs if either is supported,\\nbut intercept unsupported operations at the call site.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\\n\\nuacce: corregir la condici\u00f3n de verificaci\u00f3n de sysfs de aislamiento\\n\\nuacce soporta la caracter\u00edstica de aislamiento de dispositivos. Si el controlador implementa las funciones de callback isolate_err_threshold_read e isolate_err_threshold_write, uacce crear\u00e1 archivos sysfs ahora. Los usuarios pueden leer y configurar la pol\u00edtica de aislamiento a trav\u00e9s de sysfs. Actualmente, los archivos sysfs se crean siempre que est\u00e9n presentes las funciones de callback isolate_err_threshold_read o isolate_err_threshold_write.\\n\\nSin embargo, acceder a una funci\u00f3n de callback inexistente puede causar que el sistema falle. Por lo tanto, interceptar la creaci\u00f3n de sysfs si no existe ni lectura ni escritura; crear sysfs si se soporta cualquiera de los dos, pero interceptar las operaciones no soportadas en el sitio de la llamada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.3\",\"versionEndExcluding\":\"6.6.122\",\"matchCriteriaId\":\"DA5AD755-3F64-45B9-8709-1D24A061B353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.68\",\"matchCriteriaId\":\"52F38E19-0FDD-4992-9D6D-D4169D689598\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.8\",\"matchCriteriaId\":\"E65C6E79-7EBE-4C77-93F0-818CF5B38F4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"17B67AA7-40D6-4AFA-8459-F200F3D7CFD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C47E4CC9-C826-4FA9-B014-7FE3D9B318B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F71D92C0-C023-48BD-B3B6-70B638EEE298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"13580667-0A98-40CC-B29F-D12790B91BDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF854A1-ABB1-4E93-BE9A-44569EC76C0D\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/82821a681d5dcce31475a65190fc39ea8f372cc0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/98eec349259b1fd876f350b1c600403bcef8f85d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9ab05cdcac354b1b1139918f49c6418b9005d042\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fdbbb47d15ae17bf39fafec7e2028c1f8efba15e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
CERTFR-2026-AVI-0166
Vulnerability from certfr_avis - Published: 2026-02-13 - Updated: 2026-02-13
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.69-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian bookworm versions ant\u00e9rieures \u00e0 6.1.162-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-71075",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71075"
},
{
"name": "CVE-2025-71086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71086"
},
{
"name": "CVE-2025-22083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22083"
},
{
"name": "CVE-2025-71065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71065"
},
{
"name": "CVE-2025-22107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22107"
},
{
"name": "CVE-2025-71134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71134"
},
{
"name": "CVE-2026-23098",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23098"
},
{
"name": "CVE-2025-68749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68749"
},
{
"name": "CVE-2025-71094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71094"
},
{
"name": "CVE-2025-68788",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68788"
},
{
"name": "CVE-2025-68778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68778"
},
{
"name": "CVE-2026-23054",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23054"
},
{
"name": "CVE-2025-71064",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71064"
},
{
"name": "CVE-2026-23072",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23072"
},
{
"name": "CVE-2025-68725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68725"
},
{
"name": "CVE-2025-68795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68795"
},
{
"name": "CVE-2025-68349",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68349"
},
{
"name": "CVE-2025-38104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38104"
},
{
"name": "CVE-2025-68380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68380"
},
{
"name": "CVE-2026-23069",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23069"
},
{
"name": "CVE-2023-53421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53421"
},
{
"name": "CVE-2026-22992",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22992"
},
{
"name": "CVE-2025-71071",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71071"
},
{
"name": "CVE-2025-71191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71191"
},
{
"name": "CVE-2025-68728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68728"
},
{
"name": "CVE-2025-68364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68364"
},
{
"name": "CVE-2025-71087",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71087"
},
{
"name": "CVE-2025-40039",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40039"
},
{
"name": "CVE-2025-71135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71135"
},
{
"name": "CVE-2025-68746",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68746"
},
{
"name": "CVE-2025-68773",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68773"
},
{
"name": "CVE-2025-71133",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71133"
},
{
"name": "CVE-2026-23020",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23020"
},
{
"name": "CVE-2025-68796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68796"
},
{
"name": "CVE-2025-68804",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68804"
},
{
"name": "CVE-2025-68769",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68769"
},
{
"name": "CVE-2025-68794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68794"
},
{
"name": "CVE-2025-71189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71189"
},
{
"name": "CVE-2025-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38408"
},
{
"name": "CVE-2025-71088",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71088"
},
{
"name": "CVE-2026-23090",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23090"
},
{
"name": "CVE-2026-23035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23035"
},
{
"name": "CVE-2026-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23064"
},
{
"name": "CVE-2025-38591",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38591"
},
{
"name": "CVE-2025-68806",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68806"
},
{
"name": "CVE-2025-71098",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71098"
},
{
"name": "CVE-2025-71078",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71078"
},
{
"name": "CVE-2025-71083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71083"
},
{
"name": "CVE-2026-23061",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23061"
},
{
"name": "CVE-2026-23059",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23059"
},
{
"name": "CVE-2025-68813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68813"
},
{
"name": "CVE-2026-23047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23047"
},
{
"name": "CVE-2025-22121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22121"
},
{
"name": "CVE-2025-68365",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68365"
},
{
"name": "CVE-2025-71085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71085"
},
{
"name": "CVE-2025-71076",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71076"
},
{
"name": "CVE-2025-68344",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68344"
},
{
"name": "CVE-2025-71154",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71154"
},
{
"name": "CVE-2025-68257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68257"
},
{
"name": "CVE-2025-71084",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71084"
},
{
"name": "CVE-2026-23094",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23094"
},
{
"name": "CVE-2026-23049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23049"
},
{
"name": "CVE-2025-68347",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68347"
},
{
"name": "CVE-2025-68770",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68770"
},
{
"name": "CVE-2025-68814",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68814"
},
{
"name": "CVE-2025-68780",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68780"
},
{
"name": "CVE-2025-71081",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71081"
},
{
"name": "CVE-2026-23101",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23101"
},
{
"name": "CVE-2026-23099",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23099"
},
{
"name": "CVE-2025-71121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71121"
},
{
"name": "CVE-2025-38022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38022"
},
{
"name": "CVE-2025-71080",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71080"
},
{
"name": "CVE-2026-22989",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22989"
},
{
"name": "CVE-2026-23085",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23085"
},
{
"name": "CVE-2025-71136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71136"
},
{
"name": "CVE-2025-68354",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68354"
},
{
"name": "CVE-2025-68801",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68801"
},
{
"name": "CVE-2025-71073",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71073"
},
{
"name": "CVE-2025-22090",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22090"
},
{
"name": "CVE-2025-68258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68258"
},
{
"name": "CVE-2025-39871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39871"
},
{
"name": "CVE-2026-23057",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23057"
},
{
"name": "CVE-2025-37926",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37926"
},
{
"name": "CVE-2025-71138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71138"
},
{
"name": "CVE-2025-68291",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68291"
},
{
"name": "CVE-2025-71122",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71122"
},
{
"name": "CVE-2026-22991",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22991"
},
{
"name": "CVE-2025-71144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71144"
},
{
"name": "CVE-2025-68822",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68822"
},
{
"name": "CVE-2025-38234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38234"
},
{
"name": "CVE-2025-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21946"
},
{
"name": "CVE-2025-68255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68255"
},
{
"name": "CVE-2026-22980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22980"
},
{
"name": "CVE-2025-71093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71093"
},
{
"name": "CVE-2025-71102",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71102"
},
{
"name": "CVE-2026-23032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23032"
},
{
"name": "CVE-2025-68759",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68759"
},
{
"name": "CVE-2026-23019",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23019"
},
{
"name": "CVE-2026-23055",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23055"
},
{
"name": "CVE-2025-68733",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68733"
},
{
"name": "CVE-2026-23005",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23005"
},
{
"name": "CVE-2025-68335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68335"
},
{
"name": "CVE-2025-71079",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71079"
},
{
"name": "CVE-2026-23030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23030"
},
{
"name": "CVE-2026-22997",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22997"
},
{
"name": "CVE-2025-71153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71153"
},
{
"name": "CVE-2025-71196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71196"
},
{
"name": "CVE-2025-68772",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68772"
},
{
"name": "CVE-2026-23078",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23078"
},
{
"name": "CVE-2025-71143",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71143"
},
{
"name": "CVE-2025-68785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68785"
},
{
"name": "CVE-2025-71130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71130"
},
{
"name": "CVE-2025-68808",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68808"
},
{
"name": "CVE-2025-68223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68223"
},
{
"name": "CVE-2025-68783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68783"
},
{
"name": "CVE-2025-71147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71147"
},
{
"name": "CVE-2025-68724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68724"
},
{
"name": "CVE-2026-23103",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23103"
},
{
"name": "CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"name": "CVE-2025-71126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71126"
},
{
"name": "CVE-2025-68786",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68786"
},
{
"name": "CVE-2025-71199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71199"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2025-68797",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68797"
},
{
"name": "CVE-2024-49968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49968"
},
{
"name": "CVE-2025-68358",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68358"
},
{
"name": "CVE-2025-68259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68259"
},
{
"name": "CVE-2025-71125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71125"
},
{
"name": "CVE-2026-23006",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23006"
},
{
"name": "CVE-2025-71108",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71108"
},
{
"name": "CVE-2025-68789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68789"
},
{
"name": "CVE-2025-71069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71069"
},
{
"name": "CVE-2026-23013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23013"
},
{
"name": "CVE-2025-71195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71195"
},
{
"name": "CVE-2026-22994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22994"
},
{
"name": "CVE-2026-23083",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23083"
},
{
"name": "CVE-2026-23088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23088"
},
{
"name": "CVE-2025-68774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68774"
},
{
"name": "CVE-2026-23108",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23108"
},
{
"name": "CVE-2025-71180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71180"
},
{
"name": "CVE-2025-38232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38232"
},
{
"name": "CVE-2025-71194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71194"
},
{
"name": "CVE-2025-71157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71157"
},
{
"name": "CVE-2026-23023",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23023"
},
{
"name": "CVE-2026-22999",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22999"
},
{
"name": "CVE-2025-71082",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71082"
},
{
"name": "CVE-2026-23068",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23068"
},
{
"name": "CVE-2025-68765",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68765"
},
{
"name": "CVE-2026-23089",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23089"
},
{
"name": "CVE-2025-71132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71132"
},
{
"name": "CVE-2026-23071",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23071"
},
{
"name": "CVE-2026-23056",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23056"
},
{
"name": "CVE-2025-71077",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71077"
},
{
"name": "CVE-2025-71140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71140"
},
{
"name": "CVE-2025-22111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22111"
},
{
"name": "CVE-2026-23063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23063"
},
{
"name": "CVE-2026-23073",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23073"
},
{
"name": "CVE-2025-71114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71114"
},
{
"name": "CVE-2026-23058",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23058"
},
{
"name": "CVE-2025-71067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71067"
},
{
"name": "CVE-2025-71182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71182"
},
{
"name": "CVE-2026-23038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23038"
},
{
"name": "CVE-2025-71151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71151"
},
{
"name": "CVE-2026-22990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22990"
},
{
"name": "CVE-2026-23000",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23000"
},
{
"name": "CVE-2025-71186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71186"
},
{
"name": "CVE-2025-68821",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68821"
},
{
"name": "CVE-2026-23026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23026"
},
{
"name": "CVE-2025-68325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68325"
},
{
"name": "CVE-2025-71190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71190"
},
{
"name": "CVE-2025-71089",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71089"
},
{
"name": "CVE-2026-23107",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23107"
},
{
"name": "CVE-2025-68332",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68332"
},
{
"name": "CVE-2025-71104",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71104"
},
{
"name": "CVE-2026-22978",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22978"
},
{
"name": "CVE-2025-38129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38129"
},
{
"name": "CVE-2026-23037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23037"
},
{
"name": "CVE-2025-71101",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71101"
},
{
"name": "CVE-2026-23001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23001"
},
{
"name": "CVE-2025-68367",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68367"
},
{
"name": "CVE-2025-68820",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68820"
},
{
"name": "CVE-2025-68740",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68740"
},
{
"name": "CVE-2025-68742",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68742"
},
{
"name": "CVE-2026-23025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23025"
},
{
"name": "CVE-2024-46786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46786"
},
{
"name": "CVE-2025-68816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68816"
},
{
"name": "CVE-2025-68357",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68357"
},
{
"name": "CVE-2025-68256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68256"
},
{
"name": "CVE-2025-68777",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68777"
},
{
"name": "CVE-2025-71129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71129"
},
{
"name": "CVE-2025-68254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68254"
},
{
"name": "CVE-2025-39872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39872"
},
{
"name": "CVE-2026-22982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22982"
},
{
"name": "CVE-2025-71109",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71109"
},
{
"name": "CVE-2025-71118",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71118"
},
{
"name": "CVE-2025-71150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71150"
},
{
"name": "CVE-2025-39721",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39721"
},
{
"name": "CVE-2026-23091",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23091"
},
{
"name": "CVE-2025-38718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38718"
},
{
"name": "CVE-2025-71192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71192"
},
{
"name": "CVE-2025-68776",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68776"
},
{
"name": "CVE-2025-71066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71066"
},
{
"name": "CVE-2025-68799",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68799"
},
{
"name": "CVE-2025-68345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68345"
},
{
"name": "CVE-2025-71097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71097"
},
{
"name": "CVE-2025-71107",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71107"
},
{
"name": "CVE-2025-71111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71111"
},
{
"name": "CVE-2026-23087",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23087"
},
{
"name": "CVE-2025-68802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68802"
},
{
"name": "CVE-2025-71185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71185"
},
{
"name": "CVE-2025-68811",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68811"
},
{
"name": "CVE-2026-23096",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23096"
},
{
"name": "CVE-2025-68337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68337"
},
{
"name": "CVE-2025-68351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68351"
},
{
"name": "CVE-2025-71131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71131"
},
{
"name": "CVE-2025-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40149"
},
{
"name": "CVE-2025-40164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40164"
},
{
"name": "CVE-2025-71116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71116"
},
{
"name": "CVE-2023-52658",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52658"
},
{
"name": "CVE-2025-68362",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68362"
},
{
"name": "CVE-2026-23002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23002"
},
{
"name": "CVE-2025-68333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68333"
},
{
"name": "CVE-2025-71160",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71160"
},
{
"name": "CVE-2024-58096",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58096"
},
{
"name": "CVE-2025-71162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71162"
},
{
"name": "CVE-2026-23075",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23075"
},
{
"name": "CVE-2025-68803",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68803"
},
{
"name": "CVE-2026-22996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22996"
},
{
"name": "CVE-2026-23105",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23105"
},
{
"name": "CVE-2026-22976",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22976"
},
{
"name": "CVE-2026-23065",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23065"
},
{
"name": "CVE-2025-68753",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68753"
},
{
"name": "CVE-2025-68781",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68781"
},
{
"name": "CVE-2025-68369",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68369"
},
{
"name": "CVE-2025-68775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68775"
},
{
"name": "CVE-2025-71112",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71112"
},
{
"name": "CVE-2023-54285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-54285"
},
{
"name": "CVE-2026-23086",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23086"
},
{
"name": "CVE-2025-22022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22022"
},
{
"name": "CVE-2025-68818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68818"
},
{
"name": "CVE-2025-40170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40170"
},
{
"name": "CVE-2025-38125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38125"
},
{
"name": "CVE-2025-71148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71148"
},
{
"name": "CVE-2025-68366",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68366"
},
{
"name": "CVE-2025-68815",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68815"
},
{
"name": "CVE-2025-40215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40215"
},
{
"name": "CVE-2025-71193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71193"
},
{
"name": "CVE-2026-23095",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23095"
},
{
"name": "CVE-2025-68346",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68346"
},
{
"name": "CVE-2025-71163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71163"
},
{
"name": "CVE-2026-23062",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23062"
},
{
"name": "CVE-2025-71096",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71096"
},
{
"name": "CVE-2025-71099",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71099"
},
{
"name": "CVE-2025-71095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71095"
},
{
"name": "CVE-2025-71105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71105"
},
{
"name": "CVE-2025-68266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68266"
},
{
"name": "CVE-2025-68771",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68771"
},
{
"name": "CVE-2025-68363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68363"
},
{
"name": "CVE-2026-22984",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22984"
},
{
"name": "CVE-2025-68757",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68757"
},
{
"name": "CVE-2024-58097",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58097"
},
{
"name": "CVE-2025-71068",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71068"
},
{
"name": "CVE-2026-23033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23033"
},
{
"name": "CVE-2025-68784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68784"
},
{
"name": "CVE-2026-22977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22977"
},
{
"name": "CVE-2026-23003",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23003"
},
{
"name": "CVE-2025-68766",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68766"
},
{
"name": "CVE-2026-23076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23076"
},
{
"name": "CVE-2025-68792",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68792"
},
{
"name": "CVE-2025-71123",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71123"
},
{
"name": "CVE-2025-68206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68206"
},
{
"name": "CVE-2025-71100",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71100"
},
{
"name": "CVE-2025-68372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68372"
},
{
"name": "CVE-2026-23010",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23010"
},
{
"name": "CVE-2025-71146",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71146"
},
{
"name": "CVE-2025-71137",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71137"
},
{
"name": "CVE-2026-23084",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23084"
},
{
"name": "CVE-2026-22979",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22979"
},
{
"name": "CVE-2026-23011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23011"
},
{
"name": "CVE-2025-71156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71156"
},
{
"name": "CVE-2025-40276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40276"
},
{
"name": "CVE-2026-23110",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23110"
},
{
"name": "CVE-2025-68809",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68809"
},
{
"name": "CVE-2025-71120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71120"
},
{
"name": "CVE-2026-23060",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23060"
},
{
"name": "CVE-2025-68817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68817"
},
{
"name": "CVE-2025-71119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71119"
},
{
"name": "CVE-2025-68787",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68787"
},
{
"name": "CVE-2025-68782",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68782"
},
{
"name": "CVE-2025-71197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71197"
},
{
"name": "CVE-2025-68758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68758"
},
{
"name": "CVE-2026-23031",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23031"
},
{
"name": "CVE-2025-71113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71113"
},
{
"name": "CVE-2025-71127",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71127"
},
{
"name": "CVE-2026-23102",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23102"
},
{
"name": "CVE-2026-22998",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22998"
},
{
"name": "CVE-2026-23050",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23050"
},
{
"name": "CVE-2025-68340",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68340"
},
{
"name": "CVE-2025-40110",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40110"
},
{
"name": "CVE-2025-40325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40325"
},
{
"name": "CVE-2025-68798",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68798"
},
{
"name": "CVE-2025-68336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68336"
},
{
"name": "CVE-2025-68810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68810"
},
{
"name": "CVE-2026-23097",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23097"
},
{
"name": "CVE-2025-71198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71198"
},
{
"name": "CVE-2025-68819",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68819"
},
{
"name": "CVE-2025-71072",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71072"
},
{
"name": "CVE-2026-23021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23021"
},
{
"name": "CVE-2025-68732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68732"
},
{
"name": "CVE-2026-23093",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23093"
},
{
"name": "CVE-2025-71183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71183"
},
{
"name": "CVE-2025-68371",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68371"
},
{
"name": "CVE-2025-68211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68211"
},
{
"name": "CVE-2025-71091",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71091"
},
{
"name": "CVE-2026-23053",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23053"
},
{
"name": "CVE-2025-71184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71184"
},
{
"name": "CVE-2025-68263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68263"
},
{
"name": "CVE-2025-68800",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68800"
},
{
"name": "CVE-2025-68261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68261"
},
{
"name": "CVE-2025-71149",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71149"
},
{
"name": "CVE-2025-68767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68767"
},
{
"name": "CVE-2025-68727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68727"
},
{
"name": "CVE-2026-23080",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23080"
},
{
"name": "CVE-2025-38361",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38361"
},
{
"name": "CVE-2025-38248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38248"
},
{
"name": "CVE-2025-68264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68264"
},
{
"name": "CVE-2025-68764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68764"
}
],
"initial_release_date": "2026-02-13T00:00:00",
"last_revision_date": "2026-02-13T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0166",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2026-02-09",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6127-1",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00036.html"
},
{
"published_at": "2026-02-09",
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-6126-1",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00035.html"
}
]
}
GHSA-JFX6-G684-5HPW
Vulnerability from github – Published: 2026-02-04 18:30 – Updated: 2026-03-17 21:31
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
uacce: fix isolate sysfs check condition
uacce supports the device isolation feature. If the driver implements the isolate_err_threshold_read and isolate_err_threshold_write callback functions, uacce will create sysfs files now. Users can read and configure the isolation policy through sysfs. Currently, sysfs files are created as long as either isolate_err_threshold_read or isolate_err_threshold_write callback functions are present.
However, accessing a non-existent callback function may cause the system to crash. Therefore, intercept the creation of sysfs if neither read nor write exists; create sysfs if either is supported, but intercept unsupported operations at the call site.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-23094"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-04T17:16:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: fix isolate sysfs check condition\n\nuacce supports the device isolation feature. If the driver\nimplements the isolate_err_threshold_read and\nisolate_err_threshold_write callback functions, uacce will create\nsysfs files now. Users can read and configure the isolation policy\nthrough sysfs. Currently, sysfs files are created as long as either\nisolate_err_threshold_read or isolate_err_threshold_write callback\nfunctions are present.\n\nHowever, accessing a non-existent callback function may cause the\nsystem to crash. Therefore, intercept the creation of sysfs if\nneither read nor write exists; create sysfs if either is supported,\nbut intercept unsupported operations at the call site.",
"id": "GHSA-jfx6-g684-5hpw",
"modified": "2026-03-17T21:31:40Z",
"published": "2026-02-04T18:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23094"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/82821a681d5dcce31475a65190fc39ea8f372cc0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98eec349259b1fd876f350b1c600403bcef8f85d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9ab05cdcac354b1b1139918f49c6418b9005d042"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fdbbb47d15ae17bf39fafec7e2028c1f8efba15e"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
FKIE_CVE-2026-23094
Vulnerability from fkie_nvd - Published: 2026-02-04 17:16 - Updated: 2026-03-17 21:09
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
uacce: fix isolate sysfs check condition
uacce supports the device isolation feature. If the driver
implements the isolate_err_threshold_read and
isolate_err_threshold_write callback functions, uacce will create
sysfs files now. Users can read and configure the isolation policy
through sysfs. Currently, sysfs files are created as long as either
isolate_err_threshold_read or isolate_err_threshold_write callback
functions are present.
However, accessing a non-existent callback function may cause the
system to crash. Therefore, intercept the creation of sysfs if
neither read nor write exists; create sysfs if either is supported,
but intercept unsupported operations at the call site.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 6.19 | |
| linux | linux_kernel | 6.19 | |
| linux | linux_kernel | 6.19 | |
| linux | linux_kernel | 6.19 | |
| linux | linux_kernel | 6.19 | |
| linux | linux_kernel | 6.19 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA5AD755-3F64-45B9-8709-1D24A061B353",
"versionEndExcluding": "6.6.122",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52F38E19-0FDD-4992-9D6D-D4169D689598",
"versionEndExcluding": "6.12.68",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E",
"versionEndExcluding": "6.18.8",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*",
"matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*",
"matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*",
"matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*",
"matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*",
"matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: fix isolate sysfs check condition\n\nuacce supports the device isolation feature. If the driver\nimplements the isolate_err_threshold_read and\nisolate_err_threshold_write callback functions, uacce will create\nsysfs files now. Users can read and configure the isolation policy\nthrough sysfs. Currently, sysfs files are created as long as either\nisolate_err_threshold_read or isolate_err_threshold_write callback\nfunctions are present.\n\nHowever, accessing a non-existent callback function may cause the\nsystem to crash. Therefore, intercept the creation of sysfs if\nneither read nor write exists; create sysfs if either is supported,\nbut intercept unsupported operations at the call site."
},
{
"lang": "es",
"value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nuacce: corregir la condici\u00f3n de verificaci\u00f3n de sysfs de aislamiento\n\nuacce soporta la caracter\u00edstica de aislamiento de dispositivos. Si el controlador implementa las funciones de callback isolate_err_threshold_read e isolate_err_threshold_write, uacce crear\u00e1 archivos sysfs ahora. Los usuarios pueden leer y configurar la pol\u00edtica de aislamiento a trav\u00e9s de sysfs. Actualmente, los archivos sysfs se crean siempre que est\u00e9n presentes las funciones de callback isolate_err_threshold_read o isolate_err_threshold_write.\n\nSin embargo, acceder a una funci\u00f3n de callback inexistente puede causar que el sistema falle. Por lo tanto, interceptar la creaci\u00f3n de sysfs si no existe ni lectura ni escritura; crear sysfs si se soporta cualquiera de los dos, pero interceptar las operaciones no soportadas en el sitio de la llamada."
}
],
"id": "CVE-2026-23094",
"lastModified": "2026-03-17T21:09:04.757",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-02-04T17:16:20.273",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/82821a681d5dcce31475a65190fc39ea8f372cc0"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/98eec349259b1fd876f350b1c600403bcef8f85d"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/9ab05cdcac354b1b1139918f49c6418b9005d042"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/fdbbb47d15ae17bf39fafec7e2028c1f8efba15e"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
SUSE-SU-2026:20667-1
Vulnerability from csaf_suse - Published: 2026-03-11 15:14 - Updated: 2026-03-11 15:14Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET (bsc#1249587).
- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
- CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379).
- CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
- CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
- CVE-2025-68736: landlock: Fix handling of disconnected directories (bsc#1255698).
- CVE-2025-68778: btrfs: don't log conflicting inode if it's a dir moved in the current transaction (bsc#1256683).
- CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
- CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
- CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
- CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
- CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716).
- CVE-2025-71126: mptcp: reset fallback status gracefully at disconnect() time (bsc#1256755).
- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
- CVE-2025-71184: btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635).
- CVE-2025-71194: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (bsc#1257687).
- CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
- CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
- CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
- CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
- CVE-2026-23003: geneve: Fix incorrect inner network header offset when innerprotoinherit is set (bsc#1257246).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
- CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
- CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
- CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23083: fou: Don't allow 0 for FOU_ATTR_IPPROTO (bsc#1257745).
- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
- CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
- CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
- CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
- CVE-2026-23102: arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772).
- CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
- CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
- CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
- CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
- CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
- CVE-2026-23113: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (bsc#1258278).
- CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
- CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
- CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
- CVE-2026-23171: net: bonding: update the slave array for broadcast mode (bsc#1258349).
- CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
- CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
- CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23213: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (bsc#1258465).
- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
The following non security issues were fixed:
- ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- Update upstreamed net and powerpc patch references and sorting
- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
- clocksource: Print durations for sync check unconditionally (bsc#1241345).
- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345).
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
- shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564).
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
Patchnames: SUSE-SLE-Micro-6.1-kernel-291
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992).\n- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).\n- CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET (bsc#1249587).\n- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).\n- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).\n- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).\n- CVE-2025-68283: libceph: replace BUG_ON with bounds check for map-\u003emax_osd (bsc#1255379).\n- CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).\n- CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).\n- CVE-2025-68736: landlock: Fix handling of disconnected directories (bsc#1255698).\n- CVE-2025-68778: btrfs: don\u0027t log conflicting inode if it\u0027s a dir moved in the current transaction (bsc#1256683).\n- CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).\n- CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).\n- CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).\n- CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).\n- CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716).\n- CVE-2025-71126: mptcp: reset fallback status gracefully at disconnect() time (bsc#1256755).\n- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).\n- CVE-2025-71184: btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635).\n- CVE-2025-71194: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (bsc#1257687).\n- CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).\n- CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).\n- CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).\n- CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).\n- CVE-2026-23003: geneve: Fix incorrect inner network header offset when innerprotoinherit is set (bsc#1257246).\n- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).\n- CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).\n- CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).\n- CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).\n- CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).\n- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen\u003c8) to match ESP/ESN spec (bsc#1257735).\n- CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).\n- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).\n- CVE-2026-23083: fou: Don\u0027t allow 0 for FOU_ATTR_IPPROTO (bsc#1257745).\n- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).\n- CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).\n- CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).\n- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).\n- CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).\n- CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).\n- CVE-2026-23102: arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772).\n- CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).\n- CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).\n- CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).\n- CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).\n- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).\n- CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).\n- CVE-2026-23113: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (bsc#1258278).\n- CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).\n- CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).\n- CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).\n- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).\n- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).\n- CVE-2026-23171: net: bonding: update the slave array for broadcast mode (bsc#1258349).\n- CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).\n- CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).\n- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).\n- CVE-2026-23198: KVM: Don\u0027t clobber irqfd routing type when deassigning irqfd (bsc#1258321).\n- CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).\n- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).\n- CVE-2026-23213: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (bsc#1258465).\n- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).\n\nThe following non security issues were fixed:\n\n- ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).\n- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).\n- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).\n- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).\n- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).\n- Update \"drm/mgag200: fix mgag200_bmc_stop_scanout()\" bug number (bsc#1258153)\n- Update upstreamed net and powerpc patch references and sorting\n- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).\n- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).\n- clocksource: Print durations for sync check unconditionally (bsc#1241345).\n- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345).\n- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).\n- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).\n- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).\n- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).\n- shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564).\n- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)\n- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)\n- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)\n- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)\n- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)\n- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)\n- staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).\n- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).\n- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-291",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20667-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20667-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620667-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20667-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024746.html"
},
{
"category": "self",
"summary": "SUSE Bug 1241345",
"url": "https://bugzilla.suse.com/1241345"
},
{
"category": "self",
"summary": "SUSE Bug 1243055",
"url": "https://bugzilla.suse.com/1243055"
},
{
"category": "self",
"summary": "SUSE Bug 1249587",
"url": "https://bugzilla.suse.com/1249587"
},
{
"category": "self",
"summary": "SUSE Bug 1251966",
"url": "https://bugzilla.suse.com/1251966"
},
{
"category": "self",
"summary": "SUSE Bug 1252911",
"url": "https://bugzilla.suse.com/1252911"
},
{
"category": "self",
"summary": "SUSE Bug 1252924",
"url": "https://bugzilla.suse.com/1252924"
},
{
"category": "self",
"summary": "SUSE Bug 1253691",
"url": "https://bugzilla.suse.com/1253691"
},
{
"category": "self",
"summary": "SUSE Bug 1254992",
"url": "https://bugzilla.suse.com/1254992"
},
{
"category": "self",
"summary": "SUSE Bug 1255129",
"url": "https://bugzilla.suse.com/1255129"
},
{
"category": "self",
"summary": "SUSE Bug 1255265",
"url": "https://bugzilla.suse.com/1255265"
},
{
"category": "self",
"summary": "SUSE Bug 1255379",
"url": "https://bugzilla.suse.com/1255379"
},
{
"category": "self",
"summary": "SUSE Bug 1255530",
"url": "https://bugzilla.suse.com/1255530"
},
{
"category": "self",
"summary": "SUSE Bug 1255698",
"url": "https://bugzilla.suse.com/1255698"
},
{
"category": "self",
"summary": "SUSE Bug 1256564",
"url": "https://bugzilla.suse.com/1256564"
},
{
"category": "self",
"summary": "SUSE Bug 1256640",
"url": "https://bugzilla.suse.com/1256640"
},
{
"category": "self",
"summary": "SUSE Bug 1256679",
"url": "https://bugzilla.suse.com/1256679"
},
{
"category": "self",
"summary": "SUSE Bug 1256683",
"url": "https://bugzilla.suse.com/1256683"
},
{
"category": "self",
"summary": "SUSE Bug 1256708",
"url": "https://bugzilla.suse.com/1256708"
},
{
"category": "self",
"summary": "SUSE Bug 1256716",
"url": "https://bugzilla.suse.com/1256716"
},
{
"category": "self",
"summary": "SUSE Bug 1256755",
"url": "https://bugzilla.suse.com/1256755"
},
{
"category": "self",
"summary": "SUSE Bug 1256802",
"url": "https://bugzilla.suse.com/1256802"
},
{
"category": "self",
"summary": "SUSE Bug 1256863",
"url": "https://bugzilla.suse.com/1256863"
},
{
"category": "self",
"summary": "SUSE Bug 1257159",
"url": "https://bugzilla.suse.com/1257159"
},
{
"category": "self",
"summary": "SUSE Bug 1257179",
"url": "https://bugzilla.suse.com/1257179"
},
{
"category": "self",
"summary": "SUSE Bug 1257209",
"url": "https://bugzilla.suse.com/1257209"
},
{
"category": "self",
"summary": "SUSE Bug 1257228",
"url": "https://bugzilla.suse.com/1257228"
},
{
"category": "self",
"summary": "SUSE Bug 1257231",
"url": "https://bugzilla.suse.com/1257231"
},
{
"category": "self",
"summary": "SUSE Bug 1257246",
"url": "https://bugzilla.suse.com/1257246"
},
{
"category": "self",
"summary": "SUSE Bug 1257552",
"url": "https://bugzilla.suse.com/1257552"
},
{
"category": "self",
"summary": "SUSE Bug 1257554",
"url": "https://bugzilla.suse.com/1257554"
},
{
"category": "self",
"summary": "SUSE Bug 1257557",
"url": "https://bugzilla.suse.com/1257557"
},
{
"category": "self",
"summary": "SUSE Bug 1257559",
"url": "https://bugzilla.suse.com/1257559"
},
{
"category": "self",
"summary": "SUSE Bug 1257560",
"url": "https://bugzilla.suse.com/1257560"
},
{
"category": "self",
"summary": "SUSE Bug 1257562",
"url": "https://bugzilla.suse.com/1257562"
},
{
"category": "self",
"summary": "SUSE Bug 1257570",
"url": "https://bugzilla.suse.com/1257570"
},
{
"category": "self",
"summary": "SUSE Bug 1257573",
"url": "https://bugzilla.suse.com/1257573"
},
{
"category": "self",
"summary": "SUSE Bug 1257576",
"url": "https://bugzilla.suse.com/1257576"
},
{
"category": "self",
"summary": "SUSE Bug 1257579",
"url": "https://bugzilla.suse.com/1257579"
},
{
"category": "self",
"summary": "SUSE Bug 1257580",
"url": "https://bugzilla.suse.com/1257580"
},
{
"category": "self",
"summary": "SUSE Bug 1257586",
"url": "https://bugzilla.suse.com/1257586"
},
{
"category": "self",
"summary": "SUSE Bug 1257635",
"url": "https://bugzilla.suse.com/1257635"
},
{
"category": "self",
"summary": "SUSE Bug 1257679",
"url": "https://bugzilla.suse.com/1257679"
},
{
"category": "self",
"summary": "SUSE Bug 1257687",
"url": "https://bugzilla.suse.com/1257687"
},
{
"category": "self",
"summary": "SUSE Bug 1257704",
"url": "https://bugzilla.suse.com/1257704"
},
{
"category": "self",
"summary": "SUSE Bug 1257706",
"url": "https://bugzilla.suse.com/1257706"
},
{
"category": "self",
"summary": "SUSE Bug 1257707",
"url": "https://bugzilla.suse.com/1257707"
},
{
"category": "self",
"summary": "SUSE Bug 1257714",
"url": "https://bugzilla.suse.com/1257714"
},
{
"category": "self",
"summary": "SUSE Bug 1257715",
"url": "https://bugzilla.suse.com/1257715"
},
{
"category": "self",
"summary": "SUSE Bug 1257716",
"url": "https://bugzilla.suse.com/1257716"
},
{
"category": "self",
"summary": "SUSE Bug 1257718",
"url": "https://bugzilla.suse.com/1257718"
},
{
"category": "self",
"summary": "SUSE Bug 1257722",
"url": "https://bugzilla.suse.com/1257722"
},
{
"category": "self",
"summary": "SUSE Bug 1257723",
"url": "https://bugzilla.suse.com/1257723"
},
{
"category": "self",
"summary": "SUSE Bug 1257729",
"url": "https://bugzilla.suse.com/1257729"
},
{
"category": "self",
"summary": "SUSE Bug 1257735",
"url": "https://bugzilla.suse.com/1257735"
},
{
"category": "self",
"summary": "SUSE Bug 1257739",
"url": "https://bugzilla.suse.com/1257739"
},
{
"category": "self",
"summary": "SUSE Bug 1257740",
"url": "https://bugzilla.suse.com/1257740"
},
{
"category": "self",
"summary": "SUSE Bug 1257741",
"url": "https://bugzilla.suse.com/1257741"
},
{
"category": "self",
"summary": "SUSE Bug 1257743",
"url": "https://bugzilla.suse.com/1257743"
},
{
"category": "self",
"summary": "SUSE Bug 1257745",
"url": "https://bugzilla.suse.com/1257745"
},
{
"category": "self",
"summary": "SUSE Bug 1257749",
"url": "https://bugzilla.suse.com/1257749"
},
{
"category": "self",
"summary": "SUSE Bug 1257750",
"url": "https://bugzilla.suse.com/1257750"
},
{
"category": "self",
"summary": "SUSE Bug 1257757",
"url": "https://bugzilla.suse.com/1257757"
},
{
"category": "self",
"summary": "SUSE Bug 1257758",
"url": "https://bugzilla.suse.com/1257758"
},
{
"category": "self",
"summary": "SUSE Bug 1257759",
"url": "https://bugzilla.suse.com/1257759"
},
{
"category": "self",
"summary": "SUSE Bug 1257761",
"url": "https://bugzilla.suse.com/1257761"
},
{
"category": "self",
"summary": "SUSE Bug 1257762",
"url": "https://bugzilla.suse.com/1257762"
},
{
"category": "self",
"summary": "SUSE Bug 1257763",
"url": "https://bugzilla.suse.com/1257763"
},
{
"category": "self",
"summary": "SUSE Bug 1257765",
"url": "https://bugzilla.suse.com/1257765"
},
{
"category": "self",
"summary": "SUSE Bug 1257768",
"url": "https://bugzilla.suse.com/1257768"
},
{
"category": "self",
"summary": "SUSE Bug 1257770",
"url": "https://bugzilla.suse.com/1257770"
},
{
"category": "self",
"summary": "SUSE Bug 1257772",
"url": "https://bugzilla.suse.com/1257772"
},
{
"category": "self",
"summary": "SUSE Bug 1257775",
"url": "https://bugzilla.suse.com/1257775"
},
{
"category": "self",
"summary": "SUSE Bug 1257776",
"url": "https://bugzilla.suse.com/1257776"
},
{
"category": "self",
"summary": "SUSE Bug 1257788",
"url": "https://bugzilla.suse.com/1257788"
},
{
"category": "self",
"summary": "SUSE Bug 1257789",
"url": "https://bugzilla.suse.com/1257789"
},
{
"category": "self",
"summary": "SUSE Bug 1257790",
"url": "https://bugzilla.suse.com/1257790"
},
{
"category": "self",
"summary": "SUSE Bug 1257805",
"url": "https://bugzilla.suse.com/1257805"
},
{
"category": "self",
"summary": "SUSE Bug 1257808",
"url": "https://bugzilla.suse.com/1257808"
},
{
"category": "self",
"summary": "SUSE Bug 1257809",
"url": "https://bugzilla.suse.com/1257809"
},
{
"category": "self",
"summary": "SUSE Bug 1257811",
"url": "https://bugzilla.suse.com/1257811"
},
{
"category": "self",
"summary": "SUSE Bug 1257813",
"url": "https://bugzilla.suse.com/1257813"
},
{
"category": "self",
"summary": "SUSE Bug 1257816",
"url": "https://bugzilla.suse.com/1257816"
},
{
"category": "self",
"summary": "SUSE Bug 1257830",
"url": "https://bugzilla.suse.com/1257830"
},
{
"category": "self",
"summary": "SUSE Bug 1257891",
"url": "https://bugzilla.suse.com/1257891"
},
{
"category": "self",
"summary": "SUSE Bug 1257942",
"url": "https://bugzilla.suse.com/1257942"
},
{
"category": "self",
"summary": "SUSE Bug 1257952",
"url": "https://bugzilla.suse.com/1257952"
},
{
"category": "self",
"summary": "SUSE Bug 1258153",
"url": "https://bugzilla.suse.com/1258153"
},
{
"category": "self",
"summary": "SUSE Bug 1258181",
"url": "https://bugzilla.suse.com/1258181"
},
{
"category": "self",
"summary": "SUSE Bug 1258184",
"url": "https://bugzilla.suse.com/1258184"
},
{
"category": "self",
"summary": "SUSE Bug 1258222",
"url": "https://bugzilla.suse.com/1258222"
},
{
"category": "self",
"summary": "SUSE Bug 1258234",
"url": "https://bugzilla.suse.com/1258234"
},
{
"category": "self",
"summary": "SUSE Bug 1258237",
"url": "https://bugzilla.suse.com/1258237"
},
{
"category": "self",
"summary": "SUSE Bug 1258245",
"url": "https://bugzilla.suse.com/1258245"
},
{
"category": "self",
"summary": "SUSE Bug 1258249",
"url": "https://bugzilla.suse.com/1258249"
},
{
"category": "self",
"summary": "SUSE Bug 1258252",
"url": "https://bugzilla.suse.com/1258252"
},
{
"category": "self",
"summary": "SUSE Bug 1258256",
"url": "https://bugzilla.suse.com/1258256"
},
{
"category": "self",
"summary": "SUSE Bug 1258259",
"url": "https://bugzilla.suse.com/1258259"
},
{
"category": "self",
"summary": "SUSE Bug 1258272",
"url": "https://bugzilla.suse.com/1258272"
},
{
"category": "self",
"summary": "SUSE Bug 1258273",
"url": "https://bugzilla.suse.com/1258273"
},
{
"category": "self",
"summary": "SUSE Bug 1258277",
"url": "https://bugzilla.suse.com/1258277"
},
{
"category": "self",
"summary": "SUSE Bug 1258278",
"url": "https://bugzilla.suse.com/1258278"
},
{
"category": "self",
"summary": "SUSE Bug 1258279",
"url": "https://bugzilla.suse.com/1258279"
},
{
"category": "self",
"summary": "SUSE Bug 1258299",
"url": "https://bugzilla.suse.com/1258299"
},
{
"category": "self",
"summary": "SUSE Bug 1258304",
"url": "https://bugzilla.suse.com/1258304"
},
{
"category": "self",
"summary": "SUSE Bug 1258309",
"url": "https://bugzilla.suse.com/1258309"
},
{
"category": "self",
"summary": "SUSE Bug 1258313",
"url": "https://bugzilla.suse.com/1258313"
},
{
"category": "self",
"summary": "SUSE Bug 1258317",
"url": "https://bugzilla.suse.com/1258317"
},
{
"category": "self",
"summary": "SUSE Bug 1258321",
"url": "https://bugzilla.suse.com/1258321"
},
{
"category": "self",
"summary": "SUSE Bug 1258326",
"url": "https://bugzilla.suse.com/1258326"
},
{
"category": "self",
"summary": "SUSE Bug 1258338",
"url": "https://bugzilla.suse.com/1258338"
},
{
"category": "self",
"summary": "SUSE Bug 1258349",
"url": "https://bugzilla.suse.com/1258349"
},
{
"category": "self",
"summary": "SUSE Bug 1258354",
"url": "https://bugzilla.suse.com/1258354"
},
{
"category": "self",
"summary": "SUSE Bug 1258358",
"url": "https://bugzilla.suse.com/1258358"
},
{
"category": "self",
"summary": "SUSE Bug 1258374",
"url": "https://bugzilla.suse.com/1258374"
},
{
"category": "self",
"summary": "SUSE Bug 1258377",
"url": "https://bugzilla.suse.com/1258377"
},
{
"category": "self",
"summary": "SUSE Bug 1258379",
"url": "https://bugzilla.suse.com/1258379"
},
{
"category": "self",
"summary": "SUSE Bug 1258394",
"url": "https://bugzilla.suse.com/1258394"
},
{
"category": "self",
"summary": "SUSE Bug 1258395",
"url": "https://bugzilla.suse.com/1258395"
},
{
"category": "self",
"summary": "SUSE Bug 1258397",
"url": "https://bugzilla.suse.com/1258397"
},
{
"category": "self",
"summary": "SUSE Bug 1258411",
"url": "https://bugzilla.suse.com/1258411"
},
{
"category": "self",
"summary": "SUSE Bug 1258415",
"url": "https://bugzilla.suse.com/1258415"
},
{
"category": "self",
"summary": "SUSE Bug 1258419",
"url": "https://bugzilla.suse.com/1258419"
},
{
"category": "self",
"summary": "SUSE Bug 1258422",
"url": "https://bugzilla.suse.com/1258422"
},
{
"category": "self",
"summary": "SUSE Bug 1258424",
"url": "https://bugzilla.suse.com/1258424"
},
{
"category": "self",
"summary": "SUSE Bug 1258429",
"url": "https://bugzilla.suse.com/1258429"
},
{
"category": "self",
"summary": "SUSE Bug 1258442",
"url": "https://bugzilla.suse.com/1258442"
},
{
"category": "self",
"summary": "SUSE Bug 1258464",
"url": "https://bugzilla.suse.com/1258464"
},
{
"category": "self",
"summary": "SUSE Bug 1258465",
"url": "https://bugzilla.suse.com/1258465"
},
{
"category": "self",
"summary": "SUSE Bug 1258468",
"url": "https://bugzilla.suse.com/1258468"
},
{
"category": "self",
"summary": "SUSE Bug 1258469",
"url": "https://bugzilla.suse.com/1258469"
},
{
"category": "self",
"summary": "SUSE Bug 1258484",
"url": "https://bugzilla.suse.com/1258484"
},
{
"category": "self",
"summary": "SUSE Bug 1258518",
"url": "https://bugzilla.suse.com/1258518"
},
{
"category": "self",
"summary": "SUSE Bug 1258519",
"url": "https://bugzilla.suse.com/1258519"
},
{
"category": "self",
"summary": "SUSE Bug 1258520",
"url": "https://bugzilla.suse.com/1258520"
},
{
"category": "self",
"summary": "SUSE Bug 1258524",
"url": "https://bugzilla.suse.com/1258524"
},
{
"category": "self",
"summary": "SUSE Bug 1258544",
"url": "https://bugzilla.suse.com/1258544"
},
{
"category": "self",
"summary": "SUSE Bug 1258660",
"url": "https://bugzilla.suse.com/1258660"
},
{
"category": "self",
"summary": "SUSE Bug 1258824",
"url": "https://bugzilla.suse.com/1258824"
},
{
"category": "self",
"summary": "SUSE Bug 1258928",
"url": "https://bugzilla.suse.com/1258928"
},
{
"category": "self",
"summary": "SUSE Bug 1259070",
"url": "https://bugzilla.suse.com/1259070"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-53817 page",
"url": "https://www.suse.com/security/cve/CVE-2023-53817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-37861 page",
"url": "https://www.suse.com/security/cve/CVE-2025-37861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39748 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39964 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39964/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40099 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40103 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68295 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68295/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68374 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68778 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68778/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68810 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68810/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71071 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71104 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71113 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71126 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71148 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71148/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71182 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71184 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71185 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71188 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71188/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71189 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71191 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71192 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71194 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71195 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71196 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71197 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71198 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71199 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71200 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71222 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71224 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71225 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71232 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71234 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71235 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71236 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22979 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22979/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22982 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22998 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23003 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23003/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23004 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23017 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23021 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23021/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23026 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23026/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23033 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23035 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23035/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23037 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23049 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23049/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23053 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23056 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23057 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23057/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23058 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23060 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23060/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23061 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23063 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23063/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23064 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23064/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23068 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23071 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23071/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23073 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23073/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23074 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23074/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23076 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23078 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23080 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23082 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23082/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23083 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23083/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23084 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23085 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23085/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23086 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23086/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23089 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23089/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23090 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23090/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23091 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23091/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23094 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23094/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23095 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23096 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23099 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23101 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23102 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23102/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23104 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23105 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23107 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23107/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23108 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23110 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23111 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23111/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23112 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23113 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23113/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23116 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23119 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23119/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23121 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23121/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23129 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23133 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23135 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23139 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23139/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23141 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23145 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23145/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23146 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23146/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23150 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23151 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23151/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23152 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23152/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23155 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23156 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23163 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23163/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23166 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23167 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23167/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23170 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23170/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23171 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23171/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23172 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23172/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23173 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23173/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23176 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23176/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23178 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23178/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23179 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23182 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23182/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23190 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23191 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23198 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23202 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23207 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23208 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23209 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23213 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23213/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23214 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23214/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23221 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23222 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23229/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-03-11T15:14:55Z",
"generator": {
"date": "2026-03-11T15:14:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20667-1",
"initial_release_date": "2026-03-11T15:14:55Z",
"revision_history": [
{
"date": "2026-03-11T15:14:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-40.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-40.1.aarch64",
"product_id": "kernel-default-6.4.0-40.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-40.1.21.17.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-40.1.21.17.aarch64",
"product_id": "kernel-default-base-6.4.0-40.1.21.17.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-40.1.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-40.1.aarch64",
"product_id": "kernel-default-devel-6.4.0-40.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-40.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-40.1.noarch",
"product_id": "kernel-devel-6.4.0-40.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-40.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-40.1.noarch",
"product_id": "kernel-macros-6.4.0-40.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-40.1.noarch",
"product": {
"name": "kernel-source-6.4.0-40.1.noarch",
"product_id": "kernel-source-6.4.0-40.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-40.1.ppc64le",
"product": {
"name": "kernel-default-6.4.0-40.1.ppc64le",
"product_id": "kernel-default-6.4.0-40.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"product": {
"name": "kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"product_id": "kernel-default-base-6.4.0-40.1.21.17.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-40.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.4.0-40.1.ppc64le",
"product_id": "kernel-default-devel-6.4.0-40.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-40.1.s390x",
"product": {
"name": "kernel-default-6.4.0-40.1.s390x",
"product_id": "kernel-default-6.4.0-40.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-40.1.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-40.1.s390x",
"product_id": "kernel-default-devel-6.4.0-40.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-40.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-40.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-40.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-40.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-40.1.x86_64",
"product_id": "kernel-default-6.4.0-40.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-40.1.21.17.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-40.1.21.17.x86_64",
"product_id": "kernel-default-base-6.4.0-40.1.21.17.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-40.1.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-40.1.x86_64",
"product_id": "kernel-default-devel-6.4.0-40.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-40.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-40.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-40.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-40.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-40.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-40.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-40.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-40.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le"
},
"product_reference": "kernel-default-6.4.0-40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-40.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x"
},
"product_reference": "kernel-default-6.4.0-40.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-40.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-40.1.21.17.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-40.1.21.17.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-40.1.21.17.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-40.1.21.17.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-40.1.21.17.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-40.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-40.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-40.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-40.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-40.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-40.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-40.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-40.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-40.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-40.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-40.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-40.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-40.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-40.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-40.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-40.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-40.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
},
"product_reference": "kernel-source-6.4.0-40.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-53817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-53817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()\n\nDuring NVMeTCP Authentication a controller can trigger a kernel\noops by specifying the 8192 bit Diffie Hellman group and passing\na correctly sized, but zeroed Diffie Hellamn value.\nmpi_cmp_ui() was detecting this if the second parameter was 0,\nbut 1 is passed from dh_is_pubkey_valid(). This causes the null\npointer u-\u003ed to be dereferenced towards the end of mpi_cmp_ui()",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-53817",
"url": "https://www.suse.com/security/cve/CVE-2023-53817"
},
{
"category": "external",
"summary": "SUSE Bug 1254992 for CVE-2023-53817",
"url": "https://bugzilla.suse.com/1254992"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2023-53817"
},
{
"cve": "CVE-2025-37861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-37861"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue\n\nWhen the task management thread processes reply queues while the reset\nthread resets them, the task management thread accesses an invalid queue ID\n(0xFFFF), set by the reset thread, which points to unallocated memory,\ncausing a crash.\n\nAdd flag \u0027io_admin_reset_sync\u0027 to synchronize access between the reset,\nI/O, and admin threads. Before a reset, the reset handler sets this flag to\nblock I/O and admin processing threads. If any thread bypasses the initial\ncheck, the reset thread waits up to 10 seconds for processing to finish. If\nthe wait exceeds 10 seconds, the controller is marked as unrecoverable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-37861",
"url": "https://www.suse.com/security/cve/CVE-2025-37861"
},
{
"category": "external",
"summary": "SUSE Bug 1243055 for CVE-2025-37861",
"url": "https://bugzilla.suse.com/1243055"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-37861"
},
{
"cve": "CVE-2025-39748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Forget ranges when refining tnum after JSET\n\nSyzbot reported a kernel warning due to a range invariant violation on\nthe following BPF program.\n\n 0: call bpf_get_netns_cookie\n 1: if r0 == 0 goto \u003cexit\u003e\n 2: if r0 \u0026 Oxffffffff goto \u003cexit\u003e\n\nThe issue is on the path where we fall through both jumps.\n\nThat path is unreachable at runtime: after insn 1, we know r0 != 0, but\nwith the sign extension on the jset, we would only fallthrough insn 2\nif r0 == 0. Unfortunately, is_branch_taken() isn\u0027t currently able to\nfigure this out, so the verifier walks all branches. The verifier then\nrefines the register bounds using the second condition and we end\nup with inconsistent bounds on this unreachable path:\n\n 1: if r0 == 0 goto \u003cexit\u003e\n r0: u64=[0x1, 0xffffffffffffffff] var_off=(0, 0xffffffffffffffff)\n 2: if r0 \u0026 0xffffffff goto \u003cexit\u003e\n r0 before reg_bounds_sync: u64=[0x1, 0xffffffffffffffff] var_off=(0, 0)\n r0 after reg_bounds_sync: u64=[0x1, 0] var_off=(0, 0)\n\nImproving the range refinement for JSET to cover all cases is tricky. We\nalso don\u0027t expect many users to rely on JSET given LLVM doesn\u0027t generate\nthose instructions. So instead of improving the range refinement for\nJSETs, Eduard suggested we forget the ranges whenever we\u0027re narrowing\ntnums after a JSET. This patch implements that approach.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39748",
"url": "https://www.suse.com/security/cve/CVE-2025-39748"
},
{
"category": "external",
"summary": "SUSE Bug 1249587 for CVE-2025-39748",
"url": "https://bugzilla.suse.com/1249587"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39748"
},
{
"cve": "CVE-2025-39964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39964"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - Disallow concurrent writes in af_alg_sendmsg\n\nIssuing two writes to the same af_alg socket is bogus as the\ndata will be interleaved in an unpredictable fashion. Furthermore,\nconcurrent writes may create inconsistencies in the internal\nsocket state.\n\nDisallow this by adding a new ctx-\u003ewrite field that indiciates\nexclusive ownership for writing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39964",
"url": "https://www.suse.com/security/cve/CVE-2025-39964"
},
{
"category": "external",
"summary": "SUSE Bug 1251966 for CVE-2025-39964",
"url": "https://bugzilla.suse.com/1251966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-39964"
},
{
"cve": "CVE-2025-40099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: parse_dfs_referrals: prevent oob on malformed input\n\nMalicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS\n\n- reply smaller than sizeof(struct get_dfs_referral_rsp)\n- reply with number of referrals smaller than NumberOfReferrals in the\nheader\n\nProcessing of such replies will cause oob.\n\nReturn -EINVAL error on such replies to prevent oob-s.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40099",
"url": "https://www.suse.com/security/cve/CVE-2025-40099"
},
{
"category": "external",
"summary": "SUSE Bug 1252911 for CVE-2025-40099",
"url": "https://bugzilla.suse.com/1252911"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-40099"
},
{
"cve": "CVE-2025-40103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Fix refcount leak for cifs_sb_tlink\n\nFix three refcount inconsistency issues related to `cifs_sb_tlink`.\n\nComments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be\ncalled after successful calls to `cifs_sb_tlink()`. Three calls fail to\nupdate refcount accordingly, leading to possible resource leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40103",
"url": "https://www.suse.com/security/cve/CVE-2025-40103"
},
{
"category": "external",
"summary": "SUSE Bug 1252924 for CVE-2025-40103",
"url": "https://bugzilla.suse.com/1252924"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "low"
}
],
"title": "CVE-2025-40103"
},
{
"cve": "CVE-2025-68283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68283"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: replace BUG_ON with bounds check for map-\u003emax_osd\n\nOSD indexes come from untrusted network packets. Boundary checks are\nadded to validate these against map-\u003emax_osd.\n\n[ idryomov: drop BUG_ON in ceph_get_primary_affinity(), minor cosmetic\n edits ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68283",
"url": "https://www.suse.com/security/cve/CVE-2025-68283"
},
{
"category": "external",
"summary": "SUSE Bug 1255379 for CVE-2025-68283",
"url": "https://bugzilla.suse.com/1255379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-68283"
},
{
"cve": "CVE-2025-68295",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68295"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix memory leak in cifs_construct_tcon()\n\nWhen having a multiuser mount with domain= specified and using\ncifscreds, cifs_set_cifscreds() will end up setting @ctx-\u003edomainname,\nso it needs to be freed before leaving cifs_construct_tcon().\n\nThis fixes the following memory leak reported by kmemleak:\n\n mount.cifs //srv/share /mnt -o domain=ZELDA,multiuser,...\n su - testuser\n cifscreds add -d ZELDA -u testuser\n ...\n ls /mnt/1\n ...\n umount /mnt\n echo scan \u003e /sys/kernel/debug/kmemleak\n cat /sys/kernel/debug/kmemleak\n unreferenced object 0xffff8881203c3f08 (size 8):\n comm \"ls\", pid 5060, jiffies 4307222943\n hex dump (first 8 bytes):\n 5a 45 4c 44 41 00 cc cc ZELDA...\n backtrace (crc d109a8cf):\n __kmalloc_node_track_caller_noprof+0x572/0x710\n kstrdup+0x3a/0x70\n cifs_sb_tlink+0x1209/0x1770 [cifs]\n cifs_get_fattr+0xe1/0xf50 [cifs]\n cifs_get_inode_info+0xb5/0x240 [cifs]\n cifs_revalidate_dentry_attr+0x2d1/0x470 [cifs]\n cifs_getattr+0x28e/0x450 [cifs]\n vfs_getattr_nosec+0x126/0x180\n vfs_statx+0xf6/0x220\n do_statx+0xab/0x110\n __x64_sys_statx+0xd5/0x130\n do_syscall_64+0xbb/0x380\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68295",
"url": "https://www.suse.com/security/cve/CVE-2025-68295"
},
{
"category": "external",
"summary": "SUSE Bug 1255129 for CVE-2025-68295",
"url": "https://bugzilla.suse.com/1255129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-68295"
},
{
"cve": "CVE-2025-68374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68374"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix rcu protection in md_wakeup_thread\n\nWe attempted to use RCU to protect the pointer \u0027thread\u0027, but directly\npassed the value when calling md_wakeup_thread(). This means that the\nRCU pointer has been acquired before rcu_read_lock(), which renders\nrcu_read_lock() ineffective and could lead to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68374",
"url": "https://www.suse.com/security/cve/CVE-2025-68374"
},
{
"category": "external",
"summary": "SUSE Bug 1255530 for CVE-2025-68374",
"url": "https://bugzilla.suse.com/1255530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-68374"
},
{
"cve": "CVE-2025-68736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix handling of disconnected directories\n\nDisconnected files or directories can appear when they are visible and\nopened from a bind mount, but have been renamed or moved from the source\nof the bind mount in a way that makes them inaccessible from the mount\npoint (i.e. out of scope).\n\nPreviously, access rights tied to files or directories opened through a\ndisconnected directory were collected by walking the related hierarchy\ndown to the root of the filesystem, without taking into account the\nmount point because it couldn\u0027t be found. This could lead to\ninconsistent access results, potential access right widening, and\nhard-to-debug renames, especially since such paths cannot be printed.\n\nFor a sandboxed task to create a disconnected directory, it needs to\nhave write access (i.e. FS_MAKE_REG, FS_REMOVE_FILE, and FS_REFER) to\nthe underlying source of the bind mount, and read access to the related\nmount point. Because a sandboxed task cannot acquire more access\nrights than those defined by its Landlock domain, this could lead to\ninconsistent access rights due to missing permissions that should be\ninherited from the mount point hierarchy, while inheriting permissions\nfrom the filesystem hierarchy hidden by this mount point instead.\n\nLandlock now handles files and directories opened from disconnected\ndirectories by taking into account the filesystem hierarchy when the\nmount point is not found in the hierarchy walk, and also always taking\ninto account the mount point from which these disconnected directories\nwere opened. This ensures that a rename is not allowed if it would\nwiden access rights [1].\n\nThe rationale is that, even if disconnected hierarchies might not be\nvisible or accessible to a sandboxed task, relying on the collected\naccess rights from them improves the guarantee that access rights will\nnot be widened during a rename because of the access right comparison\nbetween the source and the destination (see LANDLOCK_ACCESS_FS_REFER).\nIt may look like this would grant more access on disconnected files and\ndirectories, but the security policies are always enforced for all the\nevaluated hierarchies. This new behavior should be less surprising to\nusers and safer from an access control perspective.\n\nRemove a wrong WARN_ON_ONCE() canary in collect_domain_accesses() and\nfix the related comment.\n\nBecause opened files have their access rights stored in the related file\nsecurity properties, there is no impact for disconnected or unlinked\nfiles.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68736",
"url": "https://www.suse.com/security/cve/CVE-2025-68736"
},
{
"category": "external",
"summary": "SUSE Bug 1255698 for CVE-2025-68736",
"url": "https://bugzilla.suse.com/1255698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-68736"
},
{
"cve": "CVE-2025-68778",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68778"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t log conflicting inode if it\u0027s a dir moved in the current transaction\n\nWe can\u0027t log a conflicting inode if it\u0027s a directory and it was moved\nfrom one parent directory to another parent directory in the current\ntransaction, as this can result an attempt to have a directory with\ntwo hard links during log replay, one for the old parent directory and\nanother for the new parent directory.\n\nThe following scenario triggers that issue:\n\n1) We have directories \"dir1\" and \"dir2\" created in a past transaction.\n Directory \"dir1\" has inode A as its parent directory;\n\n2) We move \"dir1\" to some other directory;\n\n3) We create a file with the name \"dir1\" in directory inode A;\n\n4) We fsync the new file. This results in logging the inode of the new file\n and the inode for the directory \"dir1\" that was previously moved in the\n current transaction. So the log tree has the INODE_REF item for the\n new location of \"dir1\";\n\n5) We move the new file to some other directory. This results in updating\n the log tree to included the new INODE_REF for the new location of the\n file and removes the INODE_REF for the old location. This happens\n during the rename when we call btrfs_log_new_name();\n\n6) We fsync the file, and that persists the log tree changes done in the\n previous step (btrfs_log_new_name() only updates the log tree in\n memory);\n\n7) We have a power failure;\n\n8) Next time the fs is mounted, log replay happens and when processing\n the inode for directory \"dir1\" we find a new INODE_REF and add that\n link, but we don\u0027t remove the old link of the inode since we have\n not logged the old parent directory of the directory inode \"dir1\".\n\nAs a result after log replay finishes when we trigger writeback of the\nsubvolume tree\u0027s extent buffers, the tree check will detect that we have\na directory a hard link count of 2 and we get a mount failure.\nThe errors and stack traces reported in dmesg/syslog are like this:\n\n [ 3845.729764] BTRFS info (device dm-0): start tree-log replay\n [ 3845.730304] page: refcount:3 mapcount:0 mapping:000000005c8a3027 index:0x1d00 pfn:0x11510c\n [ 3845.731236] memcg:ffff9264c02f4e00\n [ 3845.731751] aops:btree_aops [btrfs] ino:1\n [ 3845.732300] flags: 0x17fffc00000400a(uptodate|private|writeback|node=0|zone=2|lastcpupid=0x1ffff)\n [ 3845.733346] raw: 017fffc00000400a 0000000000000000 dead000000000122 ffff9264d978aea8\n [ 3845.734265] raw: 0000000000001d00 ffff92650e6d4738 00000003ffffffff ffff9264c02f4e00\n [ 3845.735305] page dumped because: eb page dump\n [ 3845.735981] BTRFS critical (device dm-0): corrupt leaf: root=5 block=30408704 slot=6 ino=257, invalid nlink: has 2 expect no more than 1 for dir\n [ 3845.737786] BTRFS info (device dm-0): leaf 30408704 gen 10 total ptrs 17 free space 14881 owner 5\n [ 3845.737789] BTRFS info (device dm-0): refs 4 lock_owner 0 current 30701\n [ 3845.737792] \titem 0 key (256 INODE_ITEM 0) itemoff 16123 itemsize 160\n [ 3845.737794] \t\tinode generation 3 transid 9 size 16 nbytes 16384\n [ 3845.737795] \t\tblock group 0 mode 40755 links 1 uid 0 gid 0\n [ 3845.737797] \t\trdev 0 sequence 2 flags 0x0\n [ 3845.737798] \t\tatime 1764259517.0\n [ 3845.737800] \t\tctime 1764259517.572889464\n [ 3845.737801] \t\tmtime 1764259517.572889464\n [ 3845.737802] \t\totime 1764259517.0\n [ 3845.737803] \titem 1 key (256 INODE_REF 256) itemoff 16111 itemsize 12\n [ 3845.737805] \t\tindex 0 name_len 2\n [ 3845.737807] \titem 2 key (256 DIR_ITEM 2363071922) itemoff 16077 itemsize 34\n [ 3845.737808] \t\tlocation key (257 1 0) type 2\n [ 3845.737810] \t\ttransid 9 data_len 0 name_len 4\n [ 3845.737811] \titem 3 key (256 DIR_ITEM 2676584006) itemoff 16043 itemsize 34\n [ 3845.737813] \t\tlocation key (258 1 0) type 2\n [ 3845.737814] \t\ttransid 9 data_len 0 name_len 4\n [ 3845.737815] \titem 4 key (256 DIR_INDEX 2) itemoff 16009 itemsize 34\n [ 3845.737816] \t\tlocation key (257 1 0) type 2\n [\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68778",
"url": "https://www.suse.com/security/cve/CVE-2025-68778"
},
{
"category": "external",
"summary": "SUSE Bug 1256683 for CVE-2025-68778",
"url": "https://bugzilla.suse.com/1256683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-68778"
},
{
"cve": "CVE-2025-68785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68785"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: fix middle attribute validation in push_nsh() action\n\nThe push_nsh() action structure looks like this:\n\n OVS_ACTION_ATTR_PUSH_NSH(OVS_KEY_ATTR_NSH(OVS_NSH_KEY_ATTR_BASE,...))\n\nThe outermost OVS_ACTION_ATTR_PUSH_NSH attribute is OK\u0027ed by the\nnla_for_each_nested() inside __ovs_nla_copy_actions(). The innermost\nOVS_NSH_KEY_ATTR_BASE/MD1/MD2 are OK\u0027ed by the nla_for_each_nested()\ninside nsh_key_put_from_nlattr(). But nothing checks if the attribute\nin the middle is OK. We don\u0027t even check that this attribute is the\nOVS_KEY_ATTR_NSH. We just do a double unwrap with a pair of nla_data()\ncalls - first time directly while calling validate_push_nsh() and the\nsecond time as part of the nla_for_each_nested() macro, which isn\u0027t\nsafe, potentially causing invalid memory access if the size of this\nattribute is incorrect. The failure may not be noticed during\nvalidation due to larger netlink buffer, but cause trouble later during\naction execution where the buffer is allocated exactly to the size:\n\n BUG: KASAN: slab-out-of-bounds in nsh_hdr_from_nlattr+0x1dd/0x6a0 [openvswitch]\n Read of size 184 at addr ffff88816459a634 by task a.out/22624\n\n CPU: 8 UID: 0 PID: 22624 6.18.0-rc7+ #115 PREEMPT(voluntary)\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x70\n print_address_description.constprop.0+0x2c/0x390\n kasan_report+0xdd/0x110\n kasan_check_range+0x35/0x1b0\n __asan_memcpy+0x20/0x60\n nsh_hdr_from_nlattr+0x1dd/0x6a0 [openvswitch]\n push_nsh+0x82/0x120 [openvswitch]\n do_execute_actions+0x1405/0x2840 [openvswitch]\n ovs_execute_actions+0xd5/0x3b0 [openvswitch]\n ovs_packet_cmd_execute+0x949/0xdb0 [openvswitch]\n genl_family_rcv_msg_doit+0x1d6/0x2b0\n genl_family_rcv_msg+0x336/0x580\n genl_rcv_msg+0x9f/0x130\n netlink_rcv_skb+0x11f/0x370\n genl_rcv+0x24/0x40\n netlink_unicast+0x73e/0xaa0\n netlink_sendmsg+0x744/0xbf0\n __sys_sendto+0x3d6/0x450\n do_syscall_64+0x79/0x2c0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\nLet\u0027s add some checks that the attribute is properly sized and it\u0027s\nthe only one attribute inside the action. Technically, there is no\nreal reason for OVS_KEY_ATTR_NSH to be there, as we know that we\u0027re\npushing an NSH header already, it just creates extra nesting, but\nthat\u0027s how uAPI works today. So, keeping as it is.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68785",
"url": "https://www.suse.com/security/cve/CVE-2025-68785"
},
{
"category": "external",
"summary": "SUSE Bug 1256640 for CVE-2025-68785",
"url": "https://bugzilla.suse.com/1256640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-68785"
},
{
"cve": "CVE-2025-68810",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68810"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot\n\nReject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was\ninitially created with a guest_memfd binding, as KVM doesn\u0027t support\ntoggling KVM_MEM_GUEST_MEMFD on existing memslots. KVM prevents enabling\nKVM_MEM_GUEST_MEMFD, but doesn\u0027t prevent clearing the flag.\n\nFailure to reject the new memslot results in a use-after-free due to KVM\nnot unbinding from the guest_memfd instance. Unbinding on a FLAGS_ONLY\nchange is easy enough, and can/will be done as a hardening measure (in\nanticipation of KVM supporting dirty logging on guest_memfd at some point),\nbut fixing the use-after-free would only address the immediate symptom.\n\n ==================================================================\n BUG: KASAN: slab-use-after-free in kvm_gmem_release+0x362/0x400 [kvm]\n Write of size 8 at addr ffff8881111ae908 by task repro/745\n\n CPU: 7 UID: 1000 PID: 745 Comm: repro Not tainted 6.18.0-rc6-115d5de2eef3-next-kasan #3 NONE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x51/0x60\n print_report+0xcb/0x5c0\n kasan_report+0xb4/0xe0\n kvm_gmem_release+0x362/0x400 [kvm]\n __fput+0x2fa/0x9d0\n task_work_run+0x12c/0x200\n do_exit+0x6ae/0x2100\n do_group_exit+0xa8/0x230\n __x64_sys_exit_group+0x3a/0x50\n x64_sys_call+0x737/0x740\n do_syscall_64+0x5b/0x900\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7f581f2eac31\n \u003c/TASK\u003e\n\n Allocated by task 745 on cpu 6 at 9.746971s:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x13/0x50\n __kasan_kmalloc+0x77/0x90\n kvm_set_memory_region.part.0+0x652/0x1110 [kvm]\n kvm_vm_ioctl+0x14b0/0x3290 [kvm]\n __x64_sys_ioctl+0x129/0x1a0\n do_syscall_64+0x5b/0x900\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n Freed by task 745 on cpu 6 at 9.747467s:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x13/0x50\n __kasan_save_free_info+0x37/0x50\n __kasan_slab_free+0x3b/0x60\n kfree+0xf5/0x440\n kvm_set_memslot+0x3c2/0x1160 [kvm]\n kvm_set_memory_region.part.0+0x86a/0x1110 [kvm]\n kvm_vm_ioctl+0x14b0/0x3290 [kvm]\n __x64_sys_ioctl+0x129/0x1a0\n do_syscall_64+0x5b/0x900\n entry_SYSCALL_64_after_hwframe+0x4b/0x53",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68810",
"url": "https://www.suse.com/security/cve/CVE-2025-68810"
},
{
"category": "external",
"summary": "SUSE Bug 1256679 for CVE-2025-68810",
"url": "https://bugzilla.suse.com/1256679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-68810"
},
{
"cve": "CVE-2025-71071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/mediatek: fix use-after-free on probe deferral\n\nThe driver is dropping the references taken to the larb devices during\nprobe after successful lookup as well as on errors. This can\npotentially lead to a use-after-free in case a larb device has not yet\nbeen bound to its driver so that the iommu driver probe defers.\n\nFix this by keeping the references as expected while the iommu driver is\nbound.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71071",
"url": "https://www.suse.com/security/cve/CVE-2025-71071"
},
{
"category": "external",
"summary": "SUSE Bug 1256802 for CVE-2025-71071",
"url": "https://bugzilla.suse.com/1256802"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71071"
},
{
"cve": "CVE-2025-71104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer\n\nWhen advancing the target expiration for the guest\u0027s APIC timer in periodic\nmode, set the expiration to \"now\" if the target expiration is in the past\n(similar to what is done in update_target_expiration()). Blindly adding\nthe period to the previous target expiration can result in KVM generating\na practically unbounded number of hrtimer IRQs due to programming an\nexpired timer over and over. In extreme scenarios, e.g. if userspace\npauses/suspends a VM for an extended duration, this can even cause hard\nlockups in the host.\n\nCurrently, the bug only affects Intel CPUs when using the hypervisor timer\n(HV timer), a.k.a. the VMX preemption timer. Unlike the software timer,\na.k.a. hrtimer, which KVM keeps running even on exits to userspace, the\nHV timer only runs while the guest is active. As a result, if the vCPU\ndoes not run for an extended duration, there will be a huge gap between\nthe target expiration and the current time the vCPU resumes running.\nBecause the target expiration is incremented by only one period on each\ntimer expiration, this leads to a series of timer expirations occurring\nrapidly after the vCPU/VM resumes.\n\nMore critically, when the vCPU first triggers a periodic HV timer\nexpiration after resuming, advancing the expiration by only one period\nwill result in a target expiration in the past. As a result, the delta\nmay be calculated as a negative value. When the delta is converted into\nan absolute value (tscdeadline is an unsigned u64), the resulting value\ncan overflow what the HV timer is capable of programming. I.e. the large\nvalue will exceed the VMX Preemption Timer\u0027s maximum bit width of\ncpu_preemption_timer_multi + 32, and thus cause KVM to switch from the\nHV timer to the software timer (hrtimers).\n\nAfter switching to the software timer, periodic timer expiration callbacks\nmay be executed consecutively within a single clock interrupt handler,\nbecause hrtimers honors KVM\u0027s request for an expiration in the past and\nimmediately re-invokes KVM\u0027s callback after reprogramming. And because\nthe interrupt handler runs with IRQs disabled, restarting KVM\u0027s hrtimer\nover and over until the target expiration is advanced to \"now\" can result\nin a hard lockup.\n\nE.g. the following hard lockup was triggered in the host when running a\nWindows VM (only relevant because it used the APIC timer in periodic mode)\nafter resuming the VM from a long suspend (in the host).\n\n NMI watchdog: Watchdog detected hard LOCKUP on cpu 45\n ...\n RIP: 0010:advance_periodic_target_expiration+0x4d/0x80 [kvm]\n ...\n RSP: 0018:ff4f88f5d98d8ef0 EFLAGS: 00000046\n RAX: fff0103f91be678e RBX: fff0103f91be678e RCX: 00843a7d9e127bcc\n RDX: 0000000000000002 RSI: 0052ca4003697505 RDI: ff440d5bfbdbd500\n RBP: ff440d5956f99200 R08: ff2ff2a42deb6a84 R09: 000000000002a6c0\n R10: 0122d794016332b3 R11: 0000000000000000 R12: ff440db1af39cfc0\n R13: ff440db1af39cfc0 R14: ffffffffc0d4a560 R15: ff440db1af39d0f8\n FS: 00007f04a6ffd700(0000) GS:ff440db1af380000(0000) knlGS:000000e38a3b8000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000d5651feff8 CR3: 000000684e038002 CR4: 0000000000773ee0\n PKRU: 55555554\n Call Trace:\n \u003cIRQ\u003e\n apic_timer_fn+0x31/0x50 [kvm]\n __hrtimer_run_queues+0x100/0x280\n hrtimer_interrupt+0x100/0x210\n ? ttwu_do_wakeup+0x19/0x160\n smp_apic_timer_interrupt+0x6a/0x130\n apic_timer_interrupt+0xf/0x20\n \u003c/IRQ\u003e\n\nMoreover, if the suspend duration of the virtual machine is not long enough\nto trigger a hard lockup in this scenario, since commit 98c25ead5eda\n(\"KVM: VMX: Move preemption timer \u003c=\u003e hrtimer dance to common x86\"), KVM\nwill continue using the software timer until the guest reprograms the APIC\ntimer in some way. Since the periodic timer does not require frequent APIC\ntimer register programming, the guest may continue to use the software\ntimer in \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71104",
"url": "https://www.suse.com/security/cve/CVE-2025-71104"
},
{
"category": "external",
"summary": "SUSE Bug 1256708 for CVE-2025-71104",
"url": "https://bugzilla.suse.com/1256708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71104"
},
{
"cve": "CVE-2025-71113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: af_alg - zero initialize memory allocated via sock_kmalloc\n\nSeveral crypto user API contexts and requests allocated with\nsock_kmalloc() were left uninitialized, relying on callers to\nset fields explicitly. This resulted in the use of uninitialized\ndata in certain error paths or when new fields are added in the\nfuture.\n\nThe ACVP patches also contain two user-space interface files:\nalgif_kpp.c and algif_akcipher.c. These too rely on proper\ninitialization of their context structures.\n\nA particular issue has been observed with the newly added\n\u0027inflight\u0027 variable introduced in af_alg_ctx by commit:\n\n 67b164a871af (\"crypto: af_alg - Disallow multiple in-flight AIO requests\")\n\nBecause the context is not memset to zero after allocation,\nthe inflight variable has contained garbage values. As a result,\naf_alg_alloc_areq() has incorrectly returned -EBUSY randomly when\nthe garbage value was interpreted as true:\n\n https://github.com/gregkh/linux/blame/master/crypto/af_alg.c#L1209\n\nThe check directly tests ctx-\u003einflight without explicitly\ncomparing against true/false. Since inflight is only ever set to\ntrue or false later, an uninitialized value has triggered\n-EBUSY failures. Zero-initializing memory allocated with\nsock_kmalloc() ensures inflight and other fields start in a known\nstate, removing random issues caused by uninitialized data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71113",
"url": "https://www.suse.com/security/cve/CVE-2025-71113"
},
{
"category": "external",
"summary": "SUSE Bug 1256716 for CVE-2025-71113",
"url": "https://bugzilla.suse.com/1256716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71113"
},
{
"cve": "CVE-2025-71126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: avoid deadlock on fallback while reinjecting\n\nJakub reported an MPTCP deadlock at fallback time:\n\n WARNING: possible recursive locking detected\n 6.18.0-rc7-virtme #1 Not tainted\n --------------------------------------------\n mptcp_connect/20858 is trying to acquire lock:\n ff1100001da18b60 (\u0026msk-\u003efallback_lock){+.-.}-{3:3}, at: __mptcp_try_fallback+0xd8/0x280\n\n but task is already holding lock:\n ff1100001da18b60 (\u0026msk-\u003efallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(\u0026msk-\u003efallback_lock);\n lock(\u0026msk-\u003efallback_lock);\n\n *** DEADLOCK ***\n\n May be due to missing lock nesting notation\n\n 3 locks held by mptcp_connect/20858:\n #0: ff1100001da18290 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg+0x114/0x1bc0\n #1: ff1100001db40fd0 (k-sk_lock-AF_INET#2){+.+.}-{0:0}, at: __mptcp_retrans+0x2cb/0xaa0\n #2: ff1100001da18b60 (\u0026msk-\u003efallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0\n\n stack backtrace:\n CPU: 0 UID: 0 PID: 20858 Comm: mptcp_connect Not tainted 6.18.0-rc7-virtme #1 PREEMPT(full)\n Hardware name: Bochs, BIOS Bochs 01/01/2011\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x6f/0xa0\n print_deadlock_bug.cold+0xc0/0xcd\n validate_chain+0x2ff/0x5f0\n __lock_acquire+0x34c/0x740\n lock_acquire.part.0+0xbc/0x260\n _raw_spin_lock_bh+0x38/0x50\n __mptcp_try_fallback+0xd8/0x280\n mptcp_sendmsg_frag+0x16c2/0x3050\n __mptcp_retrans+0x421/0xaa0\n mptcp_release_cb+0x5aa/0xa70\n release_sock+0xab/0x1d0\n mptcp_sendmsg+0xd5b/0x1bc0\n sock_write_iter+0x281/0x4d0\n new_sync_write+0x3c5/0x6f0\n vfs_write+0x65e/0xbb0\n ksys_write+0x17e/0x200\n do_syscall_64+0xbb/0xfd0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7fa5627cbc5e\n Code: 4d 89 d8 e8 14 bd 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 \u003cc9\u003e c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa\n RSP: 002b:00007fff1fe14700 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007fa5627cbc5e\n RDX: 0000000000001f9c RSI: 00007fff1fe16984 RDI: 0000000000000005\n RBP: 00007fff1fe14710 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff1fe16920\n R13: 0000000000002000 R14: 0000000000001f9c R15: 0000000000001f9c\n\nThe packet scheduler could attempt a reinjection after receiving an\nMP_FAIL and before the infinite map has been transmitted, causing a\ndeadlock since MPTCP needs to do the reinjection atomically from WRT\nfallback.\n\nAddress the issue explicitly avoiding the reinjection in the critical\nscenario. Note that this is the only fallback critical section that\ncould potentially send packets and hit the double-lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71126",
"url": "https://www.suse.com/security/cve/CVE-2025-71126"
},
{
"category": "external",
"summary": "SUSE Bug 1256755 for CVE-2025-71126",
"url": "https://bugzilla.suse.com/1256755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71126"
},
{
"cve": "CVE-2025-71148",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71148"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/handshake: restore destructor on submit failure\n\nhandshake_req_submit() replaces sk-\u003esk_destruct but never restores it when\nsubmission fails before the request is hashed. handshake_sk_destruct() then\nreturns early and the original destructor never runs, leaking the socket.\nRestore sk_destruct on the error path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71148",
"url": "https://www.suse.com/security/cve/CVE-2025-71148"
},
{
"category": "external",
"summary": "SUSE Bug 1257159 for CVE-2025-71148",
"url": "https://bugzilla.suse.com/1257159"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71148"
},
{
"cve": "CVE-2025-71182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: make j1939_session_activate() fail if device is no longer registered\n\nsyzbot is still reporting\n\n unregister_netdevice: waiting for vcan0 to become free. Usage count = 2\n\neven after commit 93a27b5891b8 (\"can: j1939: add missing calls in\nNETDEV_UNREGISTER notification handler\") was added. A debug printk() patch\nfound that j1939_session_activate() can succeed even after\nj1939_cancel_active_session() from j1939_netdev_notify(NETDEV_UNREGISTER)\nhas completed.\n\nSince j1939_cancel_active_session() is processed with the session list lock\nheld, checking ndev-\u003ereg_state in j1939_session_activate() with the session\nlist lock held can reliably close the race window.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71182",
"url": "https://www.suse.com/security/cve/CVE-2025-71182"
},
{
"category": "external",
"summary": "SUSE Bug 1257586 for CVE-2025-71182",
"url": "https://bugzilla.suse.com/1257586"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71182"
},
{
"cve": "CVE-2025-71184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71184"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix NULL dereference on root when tracing inode eviction\n\nWhen evicting an inode the first thing we do is to setup tracing for it,\nwhich implies fetching the root\u0027s id. But in btrfs_evict_inode() the\nroot might be NULL, as implied in the next check that we do in\nbtrfs_evict_inode().\n\nHence, we either should set the -\u003eroot_objectid to 0 in case the root is\nNULL, or we move tracing setup after checking that the root is not\nNULL. Setting the rootid to 0 at least gives us the possibility to trace\nthis call even in the case when the root is NULL, so that\u0027s the solution\ntaken here.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71184",
"url": "https://www.suse.com/security/cve/CVE-2025-71184"
},
{
"category": "external",
"summary": "SUSE Bug 1257635 for CVE-2025-71184",
"url": "https://bugzilla.suse.com/1257635"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71184"
},
{
"cve": "CVE-2025-71185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71185"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: dma-crossbar: fix device leak on am335x route allocation\n\nMake sure to drop the reference taken when looking up the crossbar\nplatform device during am335x route allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71185",
"url": "https://www.suse.com/security/cve/CVE-2025-71185"
},
{
"category": "external",
"summary": "SUSE Bug 1257560 for CVE-2025-71185",
"url": "https://bugzilla.suse.com/1257560"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71185"
},
{
"cve": "CVE-2025-71188",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71188"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: lpc18xx-dmamux: fix device leak on route allocation\n\nMake sure to drop the reference taken when looking up the DMA mux\nplatform device during route allocation.\n\nNote that holding a reference to a device does not prevent its driver\ndata from going away so there is no point in keeping the reference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71188",
"url": "https://www.suse.com/security/cve/CVE-2025-71188"
},
{
"category": "external",
"summary": "SUSE Bug 1257576 for CVE-2025-71188",
"url": "https://bugzilla.suse.com/1257576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71188"
},
{
"cve": "CVE-2025-71189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71189"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: dw: dmamux: fix OF node leak on route allocation failure\n\nMake sure to drop the reference taken to the DMA master OF node also on\nlate route allocation failures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71189",
"url": "https://www.suse.com/security/cve/CVE-2025-71189"
},
{
"category": "external",
"summary": "SUSE Bug 1257573 for CVE-2025-71189",
"url": "https://bugzilla.suse.com/1257573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "low"
}
],
"title": "CVE-2025-71189"
},
{
"cve": "CVE-2025-71190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: bcm-sba-raid: fix device leak on probe\n\nMake sure to drop the reference taken when looking up the mailbox device\nduring probe on probe failures and on driver unbind.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71190",
"url": "https://www.suse.com/security/cve/CVE-2025-71190"
},
{
"category": "external",
"summary": "SUSE Bug 1257580 for CVE-2025-71190",
"url": "https://bugzilla.suse.com/1257580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "low"
}
],
"title": "CVE-2025-71190"
},
{
"cve": "CVE-2025-71191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71191"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: at_hdmac: fix device leak on of_dma_xlate()\n\nMake sure to drop the reference taken when looking up the DMA platform\ndevice during of_dma_xlate() when releasing channel resources.\n\nNote that commit 3832b78b3ec2 (\"dmaengine: at_hdmac: add missing\nput_device() call in at_dma_xlate()\") fixed the leak in a couple of\nerror paths but the reference is still leaking on successful allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71191",
"url": "https://www.suse.com/security/cve/CVE-2025-71191"
},
{
"category": "external",
"summary": "SUSE Bug 1257579 for CVE-2025-71191",
"url": "https://bugzilla.suse.com/1257579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "low"
}
],
"title": "CVE-2025-71191"
},
{
"cve": "CVE-2025-71192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71192"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ac97: fix a double free in snd_ac97_controller_register()\n\nIf ac97_add_adapter() fails, put_device() is the correct way to drop\nthe device reference. kfree() is not required.\nAdd kfree() if idr_alloc() fails and in ac97_adapter_release() to do\nthe cleanup.\n\nFound by code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71192",
"url": "https://www.suse.com/security/cve/CVE-2025-71192"
},
{
"category": "external",
"summary": "SUSE Bug 1257679 for CVE-2025-71192",
"url": "https://bugzilla.suse.com/1257679"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71192"
},
{
"cve": "CVE-2025-71194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71194"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock in wait_current_trans() due to ignored transaction type\n\nWhen wait_current_trans() is called during start_transaction(), it\ncurrently waits for a blocked transaction without considering whether\nthe given transaction type actually needs to wait for that particular\ntransaction state. The btrfs_blocked_trans_types[] array already defines\nwhich transaction types should wait for which transaction states, but\nthis check was missing in wait_current_trans().\n\nThis can lead to a deadlock scenario involving two transactions and\npending ordered extents:\n\n 1. Transaction A is in TRANS_STATE_COMMIT_DOING state\n\n 2. A worker processing an ordered extent calls start_transaction()\n with TRANS_JOIN\n\n 3. join_transaction() returns -EBUSY because Transaction A is in\n TRANS_STATE_COMMIT_DOING\n\n 4. Transaction A moves to TRANS_STATE_UNBLOCKED and completes\n\n 5. A new Transaction B is created (TRANS_STATE_RUNNING)\n\n 6. The ordered extent from step 2 is added to Transaction B\u0027s\n pending ordered extents\n\n 7. Transaction B immediately starts commit by another task and\n enters TRANS_STATE_COMMIT_START\n\n 8. The worker finally reaches wait_current_trans(), sees Transaction B\n in TRANS_STATE_COMMIT_START (a blocked state), and waits\n unconditionally\n\n 9. However, TRANS_JOIN should NOT wait for TRANS_STATE_COMMIT_START\n according to btrfs_blocked_trans_types[]\n\n 10. Transaction B is waiting for pending ordered extents to complete\n\n 11. Deadlock: Transaction B waits for ordered extent, ordered extent\n waits for Transaction B\n\nThis can be illustrated by the following call stacks:\n CPU0 CPU1\n btrfs_finish_ordered_io()\n start_transaction(TRANS_JOIN)\n join_transaction()\n # -EBUSY (Transaction A is\n # TRANS_STATE_COMMIT_DOING)\n # Transaction A completes\n # Transaction B created\n # ordered extent added to\n # Transaction B\u0027s pending list\n btrfs_commit_transaction()\n # Transaction B enters\n # TRANS_STATE_COMMIT_START\n # waiting for pending ordered\n # extents\n wait_current_trans()\n # waits for Transaction B\n # (should not wait!)\n\nTask bstore_kv_sync in btrfs_commit_transaction waiting for ordered\nextents:\n\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n btrfs_commit_transaction+0xbf7/0xda0 [btrfs]\n btrfs_sync_file+0x342/0x4d0 [btrfs]\n __x64_sys_fdatasync+0x4b/0x80\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTask kworker in wait_current_trans waiting for transaction commit:\n\n Workqueue: btrfs-syno_nocow btrfs_work_helper [btrfs]\n __schedule+0x2e7/0x8a0\n schedule+0x64/0xe0\n wait_current_trans+0xb0/0x110 [btrfs]\n start_transaction+0x346/0x5b0 [btrfs]\n btrfs_finish_ordered_io.isra.0+0x49b/0x9c0 [btrfs]\n btrfs_work_helper+0xe8/0x350 [btrfs]\n process_one_work+0x1d3/0x3c0\n worker_thread+0x4d/0x3e0\n kthread+0x12d/0x150\n ret_from_fork+0x1f/0x30\n\nFix this by passing the transaction type to wait_current_trans() and\nchecking btrfs_blocked_trans_types[cur_trans-\u003estate] against the given\ntype before deciding to wait. This ensures that transaction types which\nare allowed to join during certain blocked states will not unnecessarily\nwait and cause deadlocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71194",
"url": "https://www.suse.com/security/cve/CVE-2025-71194"
},
{
"category": "external",
"summary": "SUSE Bug 1257687 for CVE-2025-71194",
"url": "https://bugzilla.suse.com/1257687"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71194"
},
{
"cve": "CVE-2025-71195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71195"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: xilinx: xdma: Fix regmap max_register\n\nThe max_register field is assigned the size of the register memory\nregion instead of the offset of the last register.\nThe result is that reading from the regmap via debugfs can cause\na segmentation fault:\n\ntail /sys/kernel/debug/regmap/xdma.1.auto/registers\nUnable to handle kernel paging request at virtual address ffff800082f70000\nMem abort info:\n ESR = 0x0000000096000007\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x07: level 3 translation fault\n[...]\nCall trace:\n regmap_mmio_read32le+0x10/0x30\n _regmap_bus_reg_read+0x74/0xc0\n _regmap_read+0x68/0x198\n regmap_read+0x54/0x88\n regmap_read_debugfs+0x140/0x380\n regmap_map_read_file+0x30/0x48\n full_proxy_read+0x68/0xc8\n vfs_read+0xcc/0x310\n ksys_read+0x7c/0x120\n __arm64_sys_read+0x24/0x40\n invoke_syscall.constprop.0+0x64/0x108\n do_el0_svc+0xb0/0xd8\n el0_svc+0x38/0x130\n el0t_64_sync_handler+0x120/0x138\n el0t_64_sync+0x194/0x198\nCode: aa1e03e9 d503201f f9400000 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---\nnote: tail[1217] exited with irqs disabled\nnote: tail[1217] exited with preempt_count 1\nSegmentation fault",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71195",
"url": "https://www.suse.com/security/cve/CVE-2025-71195"
},
{
"category": "external",
"summary": "SUSE Bug 1257704 for CVE-2025-71195",
"url": "https://bugzilla.suse.com/1257704"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71195"
},
{
"cve": "CVE-2025-71196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71196"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: stm32-usphyc: Fix off by one in probe()\n\nThe \"index\" variable is used as an index into the usbphyc-\u003ephys[] array\nwhich has usbphyc-\u003enphys elements. So if it is equal to usbphyc-\u003enphys\nthen it is one element out of bounds. The \"index\" comes from the\ndevice tree so it\u0027s data that we trust and it\u0027s unlikely to be wrong,\nhowever it\u0027s obviously still worth fixing the bug. Change the \u003e to \u003e=.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71196",
"url": "https://www.suse.com/security/cve/CVE-2025-71196"
},
{
"category": "external",
"summary": "SUSE Bug 1257716 for CVE-2025-71196",
"url": "https://bugzilla.suse.com/1257716"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71196"
},
{
"cve": "CVE-2025-71197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nw1: therm: Fix off-by-one buffer overflow in alarms_store\n\nThe sysfs buffer passed to alarms_store() is allocated with \u0027size + 1\u0027\nbytes and a NUL terminator is appended. However, the \u0027size\u0027 argument\ndoes not account for this extra byte. The original code then allocated\n\u0027size\u0027 bytes and used strcpy() to copy \u0027buf\u0027, which always writes one\nbyte past the allocated buffer since strcpy() copies until the NUL\nterminator at index \u0027size\u0027.\n\nFix this by parsing the \u0027buf\u0027 parameter directly using simple_strtoll()\nwithout allocating any intermediate memory or string copying. This\nremoves the overflow while simplifying the code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71197",
"url": "https://www.suse.com/security/cve/CVE-2025-71197"
},
{
"category": "external",
"summary": "SUSE Bug 1257743 for CVE-2025-71197",
"url": "https://bugzilla.suse.com/1257743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71197"
},
{
"cve": "CVE-2025-71198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection\n\nThe st_lsm6dsx_acc_channels array of struct iio_chan_spec has a non-NULL\nevent_spec field, indicating support for IIO events. However, event\ndetection is not supported for all sensors, and if userspace tries to\nconfigure accelerometer wakeup events on a sensor device that does not\nsupport them (e.g. LSM6DS0), st_lsm6dsx_write_event() dereferences a NULL\npointer when trying to write to the wakeup register.\nDefine an additional struct iio_chan_spec array whose members have a NULL\nevent_spec field, and use this array instead of st_lsm6dsx_acc_channels for\nsensors without event detection capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71198",
"url": "https://www.suse.com/security/cve/CVE-2025-71198"
},
{
"category": "external",
"summary": "SUSE Bug 1257741 for CVE-2025-71198",
"url": "https://bugzilla.suse.com/1257741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71198"
},
{
"cve": "CVE-2025-71199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71199"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver\n\nat91_adc_interrupt can call at91_adc_touch_data_handler function\nto start the work by schedule_work(\u0026st-\u003etouch_st.workq).\n\nIf we remove the module which will call at91_adc_remove to\nmake cleanup, it will free indio_dev through iio_device_unregister but\nquite a bit later. While the work mentioned above will be used. The\nsequence of operations that may lead to a UAF bug is as follows:\n\nCPU0 CPU1\n\n | at91_adc_workq_handler\nat91_adc_remove |\niio_device_unregister(indio_dev) |\n//free indio_dev a bit later |\n | iio_push_to_buffers(indio_dev)\n | //use indio_dev\n\nFix it by ensuring that the work is canceled before proceeding with\nthe cleanup in at91_adc_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71199",
"url": "https://www.suse.com/security/cve/CVE-2025-71199"
},
{
"category": "external",
"summary": "SUSE Bug 1257750 for CVE-2025-71199",
"url": "https://bugzilla.suse.com/1257750"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71199"
},
{
"cve": "CVE-2025-71200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71200"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode\n\nWhen operating in HS200 or HS400 timing modes, reducing the clock frequency\nbelow 52MHz will lead to link broken as the Rockchip DWC MSHC controller\nrequires maintaining a minimum clock of 52MHz in these modes.\n\nAdd a check to prevent illegal clock reduction through debugfs:\n\nroot@debian:/# echo 50000000 \u003e /sys/kernel/debug/mmc0/clock\nroot@debian:/# [ 30.090146] mmc0: running CQE recovery\nmmc0: cqhci: Failed to halt\nmmc0: cqhci: spurious TCN for tag 0\nWARNING: drivers/mmc/host/cqhci-core.c:797 at cqhci_irq+0x254/0x818, CPU#1: kworker/1:0H/24\nModules linked in:\nCPU: 1 UID: 0 PID: 24 Comm: kworker/1:0H Not tainted 6.19.0-rc1-00001-g09db0998649d-dirty #204 PREEMPT\nHardware name: Rockchip RK3588 EVB1 V10 Board (DT)\nWorkqueue: kblockd blk_mq_run_work_fn\npstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : cqhci_irq+0x254/0x818\nlr : cqhci_irq+0x254/0x818\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71200",
"url": "https://www.suse.com/security/cve/CVE-2025-71200"
},
{
"category": "external",
"summary": "SUSE Bug 1258222 for CVE-2025-71200",
"url": "https://bugzilla.suse.com/1258222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71200"
},
{
"cve": "CVE-2025-71222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wlcore: ensure skb headroom before skb_push\n\nThis avoids occasional skb_under_panic Oops from wl1271_tx_work. In this case, headroom is\nless than needed (typically 110 - 94 = 16 bytes).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71222",
"url": "https://www.suse.com/security/cve/CVE-2025-71222"
},
{
"category": "external",
"summary": "SUSE Bug 1258279 for CVE-2025-71222",
"url": "https://bugzilla.suse.com/1258279"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71222"
},
{
"cve": "CVE-2025-71224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: ocb: skip rx_no_sta when interface is not joined\n\nieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only\npresent after JOIN_OCB.\n\nRX may run before JOIN_OCB is executed, in which case the OCB interface\nis not operational. Skip RX peer handling when the interface is not\njoined to avoid warnings in the RX path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71224",
"url": "https://www.suse.com/security/cve/CVE-2025-71224"
},
{
"category": "external",
"summary": "SUSE Bug 1258824 for CVE-2025-71224",
"url": "https://bugzilla.suse.com/1258824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71224"
},
{
"cve": "CVE-2025-71225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: suspend array while updating raid_disks via sysfs\n\nIn raid1_reshape(), freeze_array() is called before modifying the r1bio\nmemory pool (conf-\u003er1bio_pool) and conf-\u003eraid_disks, and\nunfreeze_array() is called after the update is completed.\n\nHowever, freeze_array() only waits until nr_sync_pending and\n(nr_pending - nr_queued) of all buckets reaches zero. When an I/O error\noccurs, nr_queued is increased and the corresponding r1bio is queued to\neither retry_list or bio_end_io_list. As a result, freeze_array() may\nunblock before these r1bios are released.\n\nThis can lead to a situation where conf-\u003eraid_disks and the mempool have\nalready been updated while queued r1bios, allocated with the old\nraid_disks value, are later released. Consequently, free_r1bio() may\naccess memory out of bounds in put_all_bios() and release r1bios of the\nwrong size to the new mempool, potentially causing issues with the\nmempool as well.\n\nSince only normal I/O might increase nr_queued while an I/O error occurs,\nsuspending the array avoids this issue.\n\nNote: Updating raid_disks via ioctl SET_ARRAY_INFO already suspends\nthe array. Therefore, we suspend the array when updating raid_disks\nvia sysfs to avoid this issue too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71225",
"url": "https://www.suse.com/security/cve/CVE-2025-71225"
},
{
"category": "external",
"summary": "SUSE Bug 1258411 for CVE-2025-71225",
"url": "https://bugzilla.suse.com/1258411"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71225"
},
{
"cve": "CVE-2025-71229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()\n\nrtw_core_enable_beacon() reads 4 bytes from an address that is not a\nmultiple of 4. This results in a crash on some systems.\n\nDo 1 byte reads/writes instead.\n\nUnable to handle kernel paging request at virtual address ffff8000827e0522\nMem abort info:\n ESR = 0x0000000096000021\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x21: alignment fault\nData abort info:\n ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nswapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000005492000\n[ffff8000827e0522] pgd=0000000000000000, p4d=10000001021d9403, pud=10000001021da403, pmd=100000011061c403, pte=00780000f3200f13\nInternal error: Oops: 0000000096000021 [#1] SMP\nModules linked in: [...] rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core [...]\nCPU: 0 UID: 0 PID: 73 Comm: kworker/u32:2 Tainted: G W 6.17.9 #1-NixOS VOLUNTARY\nTainted: [W]=WARN\nHardware name: FriendlyElec NanoPC-T6 LTS (DT)\nWorkqueue: phy0 rtw_c2h_work [rtw88_core]\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : rtw_pci_read32+0x18/0x40 [rtw88_pci]\nlr : rtw_core_enable_beacon+0xe0/0x148 [rtw88_core]\nsp : ffff800080cc3ca0\nx29: ffff800080cc3ca0 x28: ffff0001031fc240 x27: ffff000102100828\nx26: ffffd2cb7c9b4088 x25: ffff0001031fc2c0 x24: ffff000112fdef00\nx23: ffff000112fdef18 x22: ffff000111c29970 x21: 0000000000000001\nx20: 0000000000000001 x19: ffff000111c22040 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffd2cb6507c090\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000007f10 x1 : 0000000000000522 x0 : ffff8000827e0522\nCall trace:\n rtw_pci_read32+0x18/0x40 [rtw88_pci] (P)\n rtw_hw_scan_chan_switch+0x124/0x1a8 [rtw88_core]\n rtw_fw_c2h_cmd_handle+0x254/0x290 [rtw88_core]\n rtw_c2h_work+0x50/0x98 [rtw88_core]\n process_one_work+0x178/0x3f8\n worker_thread+0x208/0x418\n kthread+0x120/0x220\n ret_from_fork+0x10/0x20\nCode: d28fe202 8b020000 f9524400 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71229",
"url": "https://www.suse.com/security/cve/CVE-2025-71229"
},
{
"category": "external",
"summary": "SUSE Bug 1258415 for CVE-2025-71229",
"url": "https://bugzilla.suse.com/1258415"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71229"
},
{
"cve": "CVE-2025-71231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable \u0027i\u0027 is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71231",
"url": "https://www.suse.com/security/cve/CVE-2025-71231"
},
{
"category": "external",
"summary": "SUSE Bug 1258424 for CVE-2025-71231",
"url": "https://bugzilla.suse.com/1258424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2025-71231"
},
{
"cve": "CVE-2025-71232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Free sp in error path to fix system crash\n\nSystem crash seen during load/unload test in a loop,\n\n[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.\n[61110.467494] =============================================================================\n[61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()\n[61110.467501] -----------------------------------------------------------------------------\n\n[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467515] Call Trace:\n[61110.467516] \u003cTASK\u003e\n[61110.467519] dump_stack_lvl+0x34/0x48\n[61110.467526] slab_err.cold+0x53/0x67\n[61110.467534] __kmem_cache_shutdown+0x16e/0x320\n[61110.467540] kmem_cache_destroy+0x51/0x160\n[61110.467544] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467607] ? __do_sys_delete_module.constprop.0+0x178/0x280\n[61110.467613] ? syscall_trace_enter.constprop.0+0x145/0x1d0\n[61110.467616] ? do_syscall_64+0x5c/0x90\n[61110.467619] ? exc_page_fault+0x62/0x150\n[61110.467622] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[61110.467626] \u003c/TASK\u003e\n[61110.467627] Disabling lock debugging due to kernel taint\n[61110.467635] Object 0x0000000026f7e6e6 @offset=16000\n[61110.467639] ------------[ cut here ]------------\n[61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160\n[61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G B OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160\n[61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 \u003c0f\u003e 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89\n[61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282\n[61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027\n[61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0\n[61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7\n[61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000\n[61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[61110.467733] FS: 00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000\n[61110.467734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0\n[61110.467736] PKRU: 55555554\n[61110.467737] Call Trace:\n[61110.467738] \u003cTASK\u003e\n[61110.467739] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467755] ? __do_sys_delete_module.constprop.0+0x178/0x280\n\nFree sp in the error path to fix the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71232",
"url": "https://www.suse.com/security/cve/CVE-2025-71232"
},
{
"category": "external",
"summary": "SUSE Bug 1258422 for CVE-2025-71232",
"url": "https://bugzilla.suse.com/1258422"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71232"
},
{
"cve": "CVE-2025-71234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71234"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add\n\nThe driver does not set hw-\u003esta_data_size, which causes mac80211 to\nallocate insufficient space for driver private station data in\n__sta_info_alloc(). When rtl8xxxu_sta_add() accesses members of\nstruct rtl8xxxu_sta_info through sta-\u003edrv_priv, this results in a\nslab-out-of-bounds write.\n\nKASAN report on RISC-V (VisionFive 2) with RTL8192EU adapter:\n\n BUG: KASAN: slab-out-of-bounds in rtl8xxxu_sta_add+0x31c/0x346\n Write of size 8 at addr ffffffd6d3e9ae88 by task kworker/u16:0/12\n\nSet hw-\u003esta_data_size to sizeof(struct rtl8xxxu_sta_info) during\nprobe, similar to how hw-\u003evif_data_size is configured. This ensures\nmac80211 allocates sufficient space for the driver\u0027s per-station\nprivate data.\n\nTested on StarFive VisionFive 2 v1.2A board.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71234",
"url": "https://www.suse.com/security/cve/CVE-2025-71234"
},
{
"category": "external",
"summary": "SUSE Bug 1258419 for CVE-2025-71234",
"url": "https://bugzilla.suse.com/1258419"
},
{
"category": "external",
"summary": "SUSE Bug 1258420 for CVE-2025-71234",
"url": "https://bugzilla.suse.com/1258420"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2025-71234"
},
{
"cve": "CVE-2025-71235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Delay module unload while fabric scan in progress\n\nSystem crash seen during load/unload test in a loop.\n\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\n[105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\n[105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\n[105954.384928] PKRU: 55555554\n[105954.384929] Call Trace:\n[105954.384931] \u003cIRQ\u003e\n[105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\n[105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\n[105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\n[105954.384999] ? __wake_up_common+0x80/0x190\n[105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\n[105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\n[105954.385040] ? __handle_irq_event_percpu+0x3d/0x190\n[105954.385044] ? handle_irq_event+0x58/0xb0\n[105954.385046] ? handle_edge_irq+0x93/0x240\n[105954.385050] ? __common_interrupt+0x41/0xa0\n[105954.385055] ? common_interrupt+0x3e/0xa0\n[105954.385060] ? asm_common_interrupt+0x22/0x40\n\nThe root cause of this was that there was a free (dma_free_attrs) in the\ninterrupt context. There was a device discovery/fabric scan in\nprogress. A module unload was issued which set the UNLOADING flag. As\npart of the discovery, after receiving an interrupt a work queue was\nscheduled (which involved a work to be queued). Since the UNLOADING\nflag is set, the work item was not allocated and the mapped memory had\nto be freed. The free occurred in interrupt context leading to system\ncrash. Delay the driver unload until the fabric scan is complete to\navoid the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71235",
"url": "https://www.suse.com/security/cve/CVE-2025-71235"
},
{
"category": "external",
"summary": "SUSE Bug 1258469 for CVE-2025-71235",
"url": "https://bugzilla.suse.com/1258469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71235"
},
{
"cve": "CVE-2025-71236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Validate sp before freeing associated memory\n\nSystem crash with the following signature\n[154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete\n[154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.\n[154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange threshold to 5.\n[154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed - 0078 0080 0000.\n[154565.545744] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed - 0078 00a0 0000.\n[154565.545857] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.552760] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.553079] BUG: kernel NULL pointer dereference, address: 00000000000000f8\n[154565.553080] #PF: supervisor read access in kernel mode\n[154565.553082] #PF: error_code(0x0000) - not-present page\n[154565.553084] PGD 80000010488ab067 P4D 80000010488ab067 PUD 104978a067 PMD 0\n[154565.553089] Oops: 0000 1 PREEMPT SMP PTI\n[154565.553092] CPU: 10 PID: 858 Comm: qla2xxx_2_dpc Kdump: loaded Tainted: G OE ------- --- 5.14.0-503.11.1.el9_5.x86_64 #1\n[154565.553096] Hardware name: HPE Synergy 660 Gen10/Synergy 660 Gen10 Compute Module, BIOS I43 09/30/2024\n[154565.553097] RIP: 0010:qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553141] Code: 00 00 e8 58 a3 ec d4 49 89 e9 ba 12 20 00 00 4c 89 e6 49 c7 c0 00 ee a8 c0 48 c7 c1 66 c0 a9 c0 bf 00 80 00 10 e8 15 69 00 00 \u003c4c\u003e 8b 8d f8 00 00 00 4d 85 c9 74 35 49 8b 84 24 00 19 00 00 48 8b\n[154565.553143] RSP: 0018:ffffb4dbc8aebdd0 EFLAGS: 00010286\n[154565.553145] RAX: 0000000000000000 RBX: ffff8ec2cf0908d0 RCX: 0000000000000002\n[154565.553147] RDX: 0000000000000000 RSI: ffffffffc0a9c896 RDI: ffffb4dbc8aebd47\n[154565.553148] RBP: 0000000000000000 R08: ffffb4dbc8aebd45 R09: 0000000000ffff0a\n[154565.553150] R10: 0000000000000000 R11: 000000000000000f R12: ffff8ec2cf0908d0\n[154565.553151] R13: ffff8ec2cf090900 R14: 0000000000000102 R15: ffff8ec2cf084000\n[154565.553152] FS: 0000000000000000(0000) GS:ffff8ed27f800000(0000) knlGS:0000000000000000\n[154565.553154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[154565.553155] CR2: 00000000000000f8 CR3: 000000113ae0a005 CR4: 00000000007706f0\n[154565.553157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[154565.553158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[154565.553159] PKRU: 55555554\n[154565.553160] Call Trace:\n[154565.553162] \u003cTASK\u003e\n[154565.553165] ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553172] ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553177] ? qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553215] ? __die_body.cold+0x8/0xd\n[154565.553218] ? page_fault_oops+0x134/0x170\n[154565.553223] ? snprintf+0x49/0x70\n[154565.553229] ? exc_page_fault+0x62/0x150\n[154565.553238] ? asm_exc_page_fault+0x22/0x30\n\nCheck for sp being non NULL before freeing any associated memory",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71236",
"url": "https://www.suse.com/security/cve/CVE-2025-71236"
},
{
"category": "external",
"summary": "SUSE Bug 1258442 for CVE-2025-71236",
"url": "https://bugzilla.suse.com/1258442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2025-71236"
},
{
"cve": "CVE-2026-22979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22979"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix memory leak in skb_segment_list for GRO packets\n\nWhen skb_segment_list() is called during packet forwarding, it handles\npackets that were aggregated by the GRO engine.\n\nHistorically, the segmentation logic in skb_segment_list assumes that\nindividual segments are split from a parent SKB and may need to carry\ntheir own socket memory accounting. Accordingly, the code transfers\ntruesize from the parent to the newly created segments.\n\nPrior to commit ed4cccef64c1 (\"gro: fix ownership transfer\"), this\ntruesize subtraction in skb_segment_list() was valid because fragments\nstill carry a reference to the original socket.\n\nHowever, commit ed4cccef64c1 (\"gro: fix ownership transfer\") changed\nthis behavior by ensuring that fraglist entries are explicitly\norphaned (skb-\u003esk = NULL) to prevent illegal orphaning later in the\nstack. This change meant that the entire socket memory charge remained\nwith the head SKB, but the corresponding accounting logic in\nskb_segment_list() was never updated.\n\nAs a result, the current code unconditionally adds each fragment\u0027s\ntruesize to delta_truesize and subtracts it from the parent SKB. Since\nthe fragments are no longer charged to the socket, this subtraction\nresults in an effective under-count of memory when the head is freed.\nThis causes sk_wmem_alloc to remain non-zero, preventing socket\ndestruction and leading to a persistent memory leak.\n\nThe leak can be observed via KMEMLEAK when tearing down the networking\nenvironment:\n\nunreferenced object 0xffff8881e6eb9100 (size 2048):\n comm \"ping\", pid 6720, jiffies 4295492526\n backtrace:\n kmem_cache_alloc_noprof+0x5c6/0x800\n sk_prot_alloc+0x5b/0x220\n sk_alloc+0x35/0xa00\n inet6_create.part.0+0x303/0x10d0\n __sock_create+0x248/0x640\n __sys_socket+0x11b/0x1d0\n\nSince skb_segment_list() is exclusively used for SKB_GSO_FRAGLIST\npackets constructed by GRO, the truesize adjustment is removed.\n\nThe call to skb_release_head_state() must be preserved. As documented in\ncommit cf673ed0e057 (\"net: fix fraglist segmentation reference count\nleak\"), it is still required to correctly drop references to SKB\nextensions that may be overwritten during __copy_skb_header().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22979",
"url": "https://www.suse.com/security/cve/CVE-2026-22979"
},
{
"category": "external",
"summary": "SUSE Bug 1257228 for CVE-2026-22979",
"url": "https://bugzilla.suse.com/1257228"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-22979"
},
{
"cve": "CVE-2026-22982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22982"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mscc: ocelot: Fix crash when adding interface under a lag\n\nCommit 15faa1f67ab4 (\"lan966x: Fix crash when adding interface under a lag\")\nfixed a similar issue in the lan966x driver caused by a NULL pointer dereference.\nThe ocelot_set_aggr_pgids() function in the ocelot driver has similar logic\nand is susceptible to the same crash.\n\nThis issue specifically affects the ocelot_vsc7514.c frontend, which leaves\nunused ports as NULL pointers. The felix_vsc9959.c frontend is unaffected as\nit uses the DSA framework which registers all ports.\n\nFix this by checking if the port pointer is valid before accessing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22982",
"url": "https://www.suse.com/security/cve/CVE-2026-22982"
},
{
"category": "external",
"summary": "SUSE Bug 1257179 for CVE-2026-22982",
"url": "https://bugzilla.suse.com/1257179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-22982"
},
{
"cve": "CVE-2026-22998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec\n\nCommit efa56305908b (\"nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length\")\nadded ttag bounds checking and data_offset\nvalidation in nvmet_tcp_handle_h2c_data_pdu(), but it did not validate\nwhether the command\u0027s data structures (cmd-\u003ereq.sg and cmd-\u003eiov) have\nbeen properly initialized before processing H2C_DATA PDUs.\n\nThe nvmet_tcp_build_pdu_iovec() function dereferences these pointers\nwithout NULL checks. This can be triggered by sending H2C_DATA PDU\nimmediately after the ICREQ/ICRESP handshake, before\nsending a CONNECT command or NVMe write command.\n\nAttack vectors that trigger NULL pointer dereferences:\n1. H2C_DATA PDU sent before CONNECT -\u003e both pointers NULL\n2. H2C_DATA PDU for READ command -\u003e cmd-\u003ereq.sg allocated, cmd-\u003eiov NULL\n3. H2C_DATA PDU for uninitialized command slot -\u003e both pointers NULL\n\nThe fix validates both cmd-\u003ereq.sg and cmd-\u003eiov before calling\nnvmet_tcp_build_pdu_iovec(). Both checks are required because:\n- Uninitialized commands: both NULL\n- READ commands: cmd-\u003ereq.sg allocated, cmd-\u003eiov NULL\n- WRITE commands: both allocated",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22998",
"url": "https://www.suse.com/security/cve/CVE-2026-22998"
},
{
"category": "external",
"summary": "SUSE Bug 1257209 for CVE-2026-22998",
"url": "https://bugzilla.suse.com/1257209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-22998"
},
{
"cve": "CVE-2026-23003",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23003"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()\n\nBlamed commit did not take care of VLAN encapsulations\nas spotted by syzbot [1].\n\nUse skb_vlan_inet_prepare() instead of pskb_inet_may_pull().\n\n[1]\n BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7a8/0x1fa0 include/net/inet_ecn.h:321\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP6_ECN_decapsulate+0x7a8/0x1fa0 include/net/inet_ecn.h:321\n ip6ip6_dscp_ecn_decapsulate+0x16f/0x1b0 net/ipv6/ip6_tunnel.c:729\n __ip6_tnl_rcv+0xed9/0x1b50 net/ipv6/ip6_tunnel.c:860\n ip6_tnl_rcv+0xc3/0x100 net/ipv6/ip6_tunnel.c:903\n gre_rcv+0x1529/0x1b90 net/ipv6/ip6_gre.c:-1\n ip6_protocol_deliver_rcu+0x1c89/0x2c60 net/ipv6/ip6_input.c:438\n ip6_input_finish+0x1f4/0x4a0 net/ipv6/ip6_input.c:489\n NF_HOOK include/linux/netfilter.h:318 [inline]\n ip6_input+0x9c/0x330 net/ipv6/ip6_input.c:500\n ip6_mc_input+0x7ca/0xc10 net/ipv6/ip6_input.c:590\n dst_input include/net/dst.h:474 [inline]\n ip6_rcv_finish+0x958/0x990 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:318 [inline]\n ipv6_rcv+0xf1/0x3c0 net/ipv6/ip6_input.c:311\n __netif_receive_skb_one_core net/core/dev.c:6139 [inline]\n __netif_receive_skb+0x1df/0xac0 net/core/dev.c:6252\n netif_receive_skb_internal net/core/dev.c:6338 [inline]\n netif_receive_skb+0x57/0x630 net/core/dev.c:6397\n tun_rx_batched+0x1df/0x980 drivers/net/tun.c:1485\n tun_get_user+0x5c0e/0x6c60 drivers/net/tun.c:1953\n tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1999\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0xbe2/0x15d0 fs/read_write.c:686\n ksys_write fs/read_write.c:738 [inline]\n __do_sys_write fs/read_write.c:749 [inline]\n __se_sys_write fs/read_write.c:746 [inline]\n __x64_sys_write+0x1fb/0x4d0 fs/read_write.c:746\n x64_sys_call+0x30ab/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:2\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:4960 [inline]\n slab_alloc_node mm/slub.c:5263 [inline]\n kmem_cache_alloc_node_noprof+0x9e7/0x17a0 mm/slub.c:5315\n kmalloc_reserve+0x13c/0x4b0 net/core/skbuff.c:586\n __alloc_skb+0x805/0x1040 net/core/skbuff.c:690\n alloc_skb include/linux/skbuff.h:1383 [inline]\n alloc_skb_with_frags+0xc5/0xa60 net/core/skbuff.c:6712\n sock_alloc_send_pskb+0xacc/0xc60 net/core/sock.c:2995\n tun_alloc_skb drivers/net/tun.c:1461 [inline]\n tun_get_user+0x1142/0x6c60 drivers/net/tun.c:1794\n tun_chr_write_iter+0x3e9/0x5c0 drivers/net/tun.c:1999\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0xbe2/0x15d0 fs/read_write.c:686\n ksys_write fs/read_write.c:738 [inline]\n __do_sys_write fs/read_write.c:749 [inline]\n __se_sys_write fs/read_write.c:746 [inline]\n __x64_sys_write+0x1fb/0x4d0 fs/read_write.c:746\n x64_sys_call+0x30ab/0x3e70 arch/x86/include/generated/asm/syscalls_64.h:2\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd3/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nCPU: 0 UID: 0 PID: 6465 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(none)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23003",
"url": "https://www.suse.com/security/cve/CVE-2026-23003"
},
{
"category": "external",
"summary": "SUSE Bug 1257246 for CVE-2026-23003",
"url": "https://bugzilla.suse.com/1257246"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23003"
},
{
"cve": "CVE-2026-23004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()\n\nsyzbot was able to crash the kernel in rt6_uncached_list_flush_dev()\nin an interesting way [1]\n\nCrash happens in list_del_init()/INIT_LIST_HEAD() while writing\nlist-\u003eprev, while the prior write on list-\u003enext went well.\n\nstatic inline void INIT_LIST_HEAD(struct list_head *list)\n{\n\tWRITE_ONCE(list-\u003enext, list); // This went well\n\tWRITE_ONCE(list-\u003eprev, list); // Crash, @list has been freed.\n}\n\nIssue here is that rt6_uncached_list_del() did not attempt to lock\nul-\u003elock, as list_empty(\u0026rt-\u003edst.rt_uncached) returned\ntrue because the WRITE_ONCE(list-\u003enext, list) happened on the other CPU.\n\nWe might use list_del_init_careful() and list_empty_careful(),\nor make sure rt6_uncached_list_del() always grabs the spinlock\nwhenever rt-\u003edst.rt_uncached_list has been set.\n\nA similar fix is neeed for IPv4.\n\n[1]\n\n BUG: KASAN: slab-use-after-free in INIT_LIST_HEAD include/linux/list.h:46 [inline]\n BUG: KASAN: slab-use-after-free in list_del_init include/linux/list.h:296 [inline]\n BUG: KASAN: slab-use-after-free in rt6_uncached_list_flush_dev net/ipv6/route.c:191 [inline]\n BUG: KASAN: slab-use-after-free in rt6_disable_ip+0x633/0x730 net/ipv6/route.c:5020\nWrite of size 8 at addr ffff8880294cfa78 by task kworker/u8:14/3450\n\nCPU: 0 UID: 0 PID: 3450 Comm: kworker/u8:14 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)}\nTainted: [L]=SOFTLOCKUP\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025\nWorkqueue: netns cleanup_net\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n INIT_LIST_HEAD include/linux/list.h:46 [inline]\n list_del_init include/linux/list.h:296 [inline]\n rt6_uncached_list_flush_dev net/ipv6/route.c:191 [inline]\n rt6_disable_ip+0x633/0x730 net/ipv6/route.c:5020\n addrconf_ifdown+0x143/0x18a0 net/ipv6/addrconf.c:3853\n addrconf_notify+0x1bc/0x1050 net/ipv6/addrconf.c:-1\n notifier_call_chain+0x19d/0x3a0 kernel/notifier.c:85\n call_netdevice_notifiers_extack net/core/dev.c:2268 [inline]\n call_netdevice_notifiers net/core/dev.c:2282 [inline]\n netif_close_many+0x29c/0x410 net/core/dev.c:1785\n unregister_netdevice_many_notify+0xb50/0x2330 net/core/dev.c:12353\n ops_exit_rtnl_list net/core/net_namespace.c:187 [inline]\n ops_undo_list+0x3dc/0x990 net/core/net_namespace.c:248\n cleanup_net+0x4de/0x7b0 net/core/net_namespace.c:696\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n \u003c/TASK\u003e\n\nAllocated by task 803:\n kasan_save_stack mm/kasan/common.c:57 [inline]\n kasan_save_track+0x3e/0x80 mm/kasan/common.c:78\n unpoison_slab_object mm/kasan/common.c:340 [inline]\n __kasan_slab_alloc+0x6c/0x80 mm/kasan/common.c:366\n kasan_slab_alloc include/linux/kasan.h:253 [inline]\n slab_post_alloc_hook mm/slub.c:4953 [inline]\n slab_alloc_node mm/slub.c:5263 [inline]\n kmem_cache_alloc_noprof+0x18d/0x6c0 mm/slub.c:5270\n dst_alloc+0x105/0x170 net/core/dst.c:89\n ip6_dst_alloc net/ipv6/route.c:342 [inline]\n icmp6_dst_alloc+0x75/0x460 net/ipv6/route.c:3333\n mld_sendpack+0x683/0xe60 net/ipv6/mcast.c:1844\n mld_send_cr net/ipv6/mcast.c:2154 [inline]\n mld_ifc_work+0x83e/0xd60 net/ipv6/mcast.c:2693\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0xad1/0x1770 kernel/workqueue.c:3340\n worker_thread+0x8a0/0xda0 kernel/workqueue.c:3421\n kthread+0x711/0x8a0 kernel/kthread.c:463\n ret_from_fork+0x510/0xa50 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entr\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23004",
"url": "https://www.suse.com/security/cve/CVE-2026-23004"
},
{
"category": "external",
"summary": "SUSE Bug 1257231 for CVE-2026-23004",
"url": "https://bugzilla.suse.com/1257231"
},
{
"category": "external",
"summary": "SUSE Bug 1258655 for CVE-2026-23004",
"url": "https://bugzilla.suse.com/1258655"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2026-23004"
},
{
"cve": "CVE-2026-23017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23017"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: fix error handling in the init_task on load\n\nIf the init_task fails during a driver load, we end up without vports and\nnetdevs, effectively failing the entire process. In that state a\nsubsequent reset will result in a crash as the service task attempts to\naccess uninitialized resources. Following trace is from an error in the\ninit_task where the CREATE_VPORT (op 501) is rejected by the FW:\n\n[40922.763136] idpf 0000:83:00.0: Device HW Reset initiated\n[40924.449797] idpf 0000:83:00.0: Transaction failed (op 501)\n[40958.148190] idpf 0000:83:00.0: HW reset detected\n[40958.161202] BUG: kernel NULL pointer dereference, address: 00000000000000a8\n...\n[40958.168094] Workqueue: idpf-0000:83:00.0-vc_event idpf_vc_event_task [idpf]\n[40958.168865] RIP: 0010:idpf_vc_event_task+0x9b/0x350 [idpf]\n...\n[40958.177932] Call Trace:\n[40958.178491] \u003cTASK\u003e\n[40958.179040] process_one_work+0x226/0x6d0\n[40958.179609] worker_thread+0x19e/0x340\n[40958.180158] ? __pfx_worker_thread+0x10/0x10\n[40958.180702] kthread+0x10f/0x250\n[40958.181238] ? __pfx_kthread+0x10/0x10\n[40958.181774] ret_from_fork+0x251/0x2b0\n[40958.182307] ? __pfx_kthread+0x10/0x10\n[40958.182834] ret_from_fork_asm+0x1a/0x30\n[40958.183370] \u003c/TASK\u003e\n\nFix the error handling in the init_task to make sure the service and\nmailbox tasks are disabled if the error happens during load. These are\nstarted in idpf_vc_core_init(), which spawns the init_task and has no way\nof knowing if it failed. If the error happens on reset, following\nsuccessful driver load, the tasks can still run, as that will allow the\nnetdevs to attempt recovery through another reset. Stop the PTP callbacks\neither way as those will be restarted by the call to idpf_vc_core_init()\nduring a successful reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23017",
"url": "https://www.suse.com/security/cve/CVE-2026-23017"
},
{
"category": "external",
"summary": "SUSE Bug 1257552 for CVE-2026-23017",
"url": "https://bugzilla.suse.com/1257552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23017"
},
{
"cve": "CVE-2026-23021",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23021"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: fix memory leak in update_eth_regs_async()\n\nWhen asynchronously writing to the device registers and if usb_submit_urb()\nfail, the code fail to release allocated to this point resources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23021",
"url": "https://www.suse.com/security/cve/CVE-2026-23021"
},
{
"category": "external",
"summary": "SUSE Bug 1257557 for CVE-2026-23021",
"url": "https://bugzilla.suse.com/1257557"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23021"
},
{
"cve": "CVE-2026-23026",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23026"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config()\n\nFix a memory leak in gpi_peripheral_config() where the original memory\npointed to by gchan-\u003econfig could be lost if krealloc() fails.\n\nThe issue occurs when:\n1. gchan-\u003econfig points to previously allocated memory\n2. krealloc() fails and returns NULL\n3. The function directly assigns NULL to gchan-\u003econfig, losing the\n reference to the original memory\n4. The original memory becomes unreachable and cannot be freed\n\nFix this by using a temporary variable to hold the krealloc() result\nand only updating gchan-\u003econfig when the allocation succeeds.\n\nFound via static analysis and code review.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23026",
"url": "https://www.suse.com/security/cve/CVE-2026-23026"
},
{
"category": "external",
"summary": "SUSE Bug 1257562 for CVE-2026-23026",
"url": "https://bugzilla.suse.com/1257562"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23026"
},
{
"cve": "CVE-2026-23033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23033"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: omap-dma: fix dma_pool resource leak in error paths\n\nThe dma_pool created by dma_pool_create() is not destroyed when\ndma_async_device_register() or of_dma_controller_register() fails,\ncausing a resource leak in the probe error paths.\n\nAdd dma_pool_destroy() in both error paths to properly release the\nallocated dma_pool resource.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23033",
"url": "https://www.suse.com/security/cve/CVE-2026-23033"
},
{
"category": "external",
"summary": "SUSE Bug 1257570 for CVE-2026-23033",
"url": "https://bugzilla.suse.com/1257570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "low"
}
],
"title": "CVE-2026-23033"
},
{
"cve": "CVE-2026-23035",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23035"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv\n\nmlx5e_priv is an unstable structure that can be memset(0) if profile\nattaching fails.\n\nPass netdev to mlx5e_destroy_netdev() to guarantee it will work on a\nvalid netdev.\n\nOn mlx5e_remove: Check validity of priv-\u003eprofile, before attempting\nto cleanup any resources that might be not there.\n\nThis fixes a kernel oops in mlx5e_remove when switchdev mode fails due\nto change profile failure.\n\n$ devlink dev eswitch set pci/0000:00:03.0 mode switchdev\nError: mlx5_core: Failed setting eswitch to offloads.\ndmesg:\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: new profile init failed, -12\nworkqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\nmlx5_core 0012:03:00.1: mlx5e_netdev_init_profile:6214:(pid 37199): mlx5e_priv_init failed, err=-12\nmlx5_core 0012:03:00.1 gpu3rdma1: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n\n$ devlink dev reload pci/0000:00:03.0 ==\u003e oops\n\nBUG: kernel NULL pointer dereference, address: 0000000000000370\nPGD 0 P4D 0\nOops: Oops: 0000 [#1] SMP NOPTI\nCPU: 15 UID: 0 PID: 520 Comm: devlink Not tainted 6.18.0-rc5+ #115 PREEMPT(voluntary)\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nRIP: 0010:mlx5e_dcbnl_dscp_app+0x23/0x100\nRSP: 0018:ffffc9000083f8b8 EFLAGS: 00010286\nRAX: ffff8881126fc380 RBX: ffff8881015ac400 RCX: ffffffff826ffc45\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8881035109c0\nRBP: ffff8881035109c0 R08: ffff888101e3e838 R09: ffff888100264e10\nR10: ffffc9000083f898 R11: ffffc9000083f8a0 R12: ffff888101b921a0\nR13: ffff888101b921a0 R14: ffff8881015ac9a0 R15: ffff8881015ac400\nFS: 00007f789a3c8740(0000) GS:ffff88856aa59000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000370 CR3: 000000010b6c0001 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n mlx5e_remove+0x57/0x110\n device_release_driver_internal+0x19c/0x200\n bus_remove_device+0xc6/0x130\n device_del+0x160/0x3d0\n ? devl_param_driverinit_value_get+0x2d/0x90\n mlx5_detach_device+0x89/0xe0\n mlx5_unload_one_devl_locked+0x3a/0x70\n mlx5_devlink_reload_down+0xc8/0x220\n devlink_reload+0x7d/0x260\n devlink_nl_reload_doit+0x45b/0x5a0\n genl_family_rcv_msg_doit+0xe8/0x140",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23035",
"url": "https://www.suse.com/security/cve/CVE-2026-23035"
},
{
"category": "external",
"summary": "SUSE Bug 1257559 for CVE-2026-23035",
"url": "https://bugzilla.suse.com/1257559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23035"
},
{
"cve": "CVE-2026-23037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: etas_es58x: allow partial RX URB allocation to succeed\n\nWhen es58x_alloc_rx_urbs() fails to allocate the requested number of\nURBs but succeeds in allocating some, it returns an error code.\nThis causes es58x_open() to return early, skipping the cleanup label\n\u0027free_urbs\u0027, which leads to the anchored URBs being leaked.\n\nAs pointed out by maintainer Vincent Mailhol, the driver is designed\nto handle partial URB allocation gracefully. Therefore, partial\nallocation should not be treated as a fatal error.\n\nModify es58x_alloc_rx_urbs() to return 0 if at least one URB has been\nallocated, restoring the intended behavior and preventing the leak\nin es58x_open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23037",
"url": "https://www.suse.com/security/cve/CVE-2026-23037"
},
{
"category": "external",
"summary": "SUSE Bug 1257554 for CVE-2026-23037",
"url": "https://bugzilla.suse.com/1257554"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "low"
}
],
"title": "CVE-2026-23037"
},
{
"cve": "CVE-2026-23049",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23049"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel\n\nThe connector type for the DataImage SCF0700C48GGU18 panel is missing and\ndevm_drm_panel_bridge_add() requires connector type to be set. This leads\nto a warning and a backtrace in the kernel log and panel does not work:\n\"\nWARNING: CPU: 3 PID: 38 at drivers/gpu/drm/bridge/panel.c:379 devm_drm_of_get_bridge+0xac/0xb8\n\"\nThe warning is triggered by a check for valid connector type in\ndevm_drm_panel_bridge_add(). If there is no valid connector type\nset for a panel, the warning is printed and panel is not added.\nFill in the missing connector type to fix the warning and make\nthe panel operational once again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23049",
"url": "https://www.suse.com/security/cve/CVE-2026-23049"
},
{
"category": "external",
"summary": "SUSE Bug 1257723 for CVE-2026-23049",
"url": "https://bugzilla.suse.com/1257723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23049"
},
{
"cve": "CVE-2026-23053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23053"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix a deadlock involving nfs_release_folio()\n\nWang Zhaolong reports a deadlock involving NFSv4.1 state recovery\nwaiting on kthreadd, which is attempting to reclaim memory by calling\nnfs_release_folio(). The latter cannot make progress due to state\nrecovery being needed.\n\nIt seems that the only safe thing to do here is to kick off a writeback\nof the folio, without waiting for completion, or else kicking off an\nasynchronous commit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23053",
"url": "https://www.suse.com/security/cve/CVE-2026-23053"
},
{
"category": "external",
"summary": "SUSE Bug 1257718 for CVE-2026-23053",
"url": "https://bugzilla.suse.com/1257718"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23053"
},
{
"cve": "CVE-2026-23056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23056"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: implement mremap in uacce_vm_ops to return -EPERM\n\nThe current uacce_vm_ops does not support the mremap operation of\nvm_operations_struct. Implement .mremap to return -EPERM to remind\nusers.\n\nThe reason we need to explicitly disable mremap is that when the\ndriver does not implement .mremap, it uses the default mremap\nmethod. This could lead to a risk scenario:\n\nAn application might first mmap address p1, then mremap to p2,\nfollowed by munmap(p1), and finally munmap(p2). Since the default\nmremap copies the original vma\u0027s vm_private_data (i.e., q) to the\nnew vma, both munmap operations would trigger vma_close, causing\nq-\u003eqfr to be freed twice(qfr will be set to null here, so repeated\nrelease is ok).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23056",
"url": "https://www.suse.com/security/cve/CVE-2026-23056"
},
{
"category": "external",
"summary": "SUSE Bug 1257729 for CVE-2026-23056",
"url": "https://bugzilla.suse.com/1257729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23056"
},
{
"cve": "CVE-2026-23057",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23057"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Coalesce only linear skb\n\nvsock/virtio common tries to coalesce buffers in rx queue: if a linear skb\n(with a spare tail room) is followed by a small skb (length limited by\nGOOD_COPY_LEN = 128), an attempt is made to join them.\n\nSince the introduction of MSG_ZEROCOPY support, assumption that a small skb\nwill always be linear is incorrect. In the zerocopy case, data is lost and\nthe linear skb is appended with uninitialized kernel memory.\n\nOf all 3 supported virtio-based transports, only loopback-transport is\naffected. G2H virtio-transport rx queue operates on explicitly linear skbs;\nsee virtio_vsock_alloc_linear_skb() in virtio_vsock_rx_fill(). H2G\nvhost-transport may allocate non-linear skbs, but only for sizes that are\nnot considered for coalescence; see PAGE_ALLOC_COSTLY_ORDER in\nvirtio_vsock_alloc_skb().\n\nEnsure only linear skbs are coalesced. Note that skb_tailroom(last_skb) \u003e 0\nguarantees last_skb is linear.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23057",
"url": "https://www.suse.com/security/cve/CVE-2026-23057"
},
{
"category": "external",
"summary": "SUSE Bug 1257740 for CVE-2026-23057",
"url": "https://bugzilla.suse.com/1257740"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23057"
},
{
"cve": "CVE-2026-23058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23058"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak\n\nFix similar memory leak as in commit 7352e1d5932a (\"can: gs_usb:\ngs_usb_receive_bulk_callback(): fix URB memory leak\").\n\nIn ems_usb_open(), the URBs for USB-in transfers are allocated, added to\nthe dev-\u003erx_submitted anchor and submitted. In the complete callback\nems_usb_read_bulk_callback(), the URBs are processed and resubmitted. In\nems_usb_close() the URBs are freed by calling\nusb_kill_anchored_urbs(\u0026dev-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in ems_usb_close().\n\nFix the memory leak by anchoring the URB in the\nems_usb_read_bulk_callback() to the dev-\u003erx_submitted anchor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23058",
"url": "https://www.suse.com/security/cve/CVE-2026-23058"
},
{
"category": "external",
"summary": "SUSE Bug 1257739 for CVE-2026-23058",
"url": "https://bugzilla.suse.com/1257739"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "low"
}
],
"title": "CVE-2026-23058"
},
{
"cve": "CVE-2026-23060",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23060"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: authencesn - reject too-short AAD (assoclen\u003c8) to match ESP/ESN spec\n\nauthencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than\nthe minimum expected length, crypto_authenc_esn_decrypt() can advance past\nthe end of the destination scatterlist and trigger a NULL pointer dereference\nin scatterwalk_map_and_copy(), leading to a kernel panic (DoS).\n\nAdd a minimum AAD length check to fail fast on invalid inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23060",
"url": "https://www.suse.com/security/cve/CVE-2026-23060"
},
{
"category": "external",
"summary": "SUSE Bug 1257735 for CVE-2026-23060",
"url": "https://bugzilla.suse.com/1257735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23060"
},
{
"cve": "CVE-2026-23061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23061"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak\n\nFix similar memory leak as in commit 7352e1d5932a (\"can: gs_usb:\ngs_usb_receive_bulk_callback(): fix URB memory leak\").\n\nIn kvaser_usb_set_{,data_}bittiming() -\u003e kvaser_usb_setup_rx_urbs(), the\nURBs for USB-in transfers are allocated, added to the dev-\u003erx_submitted\nanchor and submitted. In the complete callback\nkvaser_usb_read_bulk_callback(), the URBs are processed and resubmitted. In\nkvaser_usb_remove_interfaces() the URBs are freed by calling\nusb_kill_anchored_urbs(\u0026dev-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in usb_kill_anchored_urbs().\n\nFix the memory leak by anchoring the URB in the\nkvaser_usb_read_bulk_callback() to the dev-\u003erx_submitted anchor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23061",
"url": "https://www.suse.com/security/cve/CVE-2026-23061"
},
{
"category": "external",
"summary": "SUSE Bug 1257776 for CVE-2026-23061",
"url": "https://bugzilla.suse.com/1257776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23061"
},
{
"cve": "CVE-2026-23063",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23063"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: ensure safe queue release with state management\n\nDirectly calling `put_queue` carries risks since it cannot\nguarantee that resources of `uacce_queue` have been fully released\nbeforehand. So adding a `stop_queue` operation for the\nUACCE_CMD_PUT_Q command and leaving the `put_queue` operation to\nthe final resource release ensures safety.\n\nQueue states are defined as follows:\n- UACCE_Q_ZOMBIE: Initial state\n- UACCE_Q_INIT: After opening `uacce`\n- UACCE_Q_STARTED: After `start` is issued via `ioctl`\n\nWhen executing `poweroff -f` in virt while accelerator are still\nworking, `uacce_fops_release` and `uacce_remove` may execute\nconcurrently. This can cause `uacce_put_queue` within\n`uacce_fops_release` to access a NULL `ops` pointer. Therefore, add\nstate checks to prevent accessing freed pointers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23063",
"url": "https://www.suse.com/security/cve/CVE-2026-23063"
},
{
"category": "external",
"summary": "SUSE Bug 1257722 for CVE-2026-23063",
"url": "https://bugzilla.suse.com/1257722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23063"
},
{
"cve": "CVE-2026-23064",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23064"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ife: avoid possible NULL deref\n\ntcf_ife_encode() must make sure ife_encode() does not return NULL.\n\nsyzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:ife_tlv_meta_encode+0x41/0xa0 net/ife/ife.c:166\nCPU: 3 UID: 0 PID: 8990 Comm: syz.0.696 Not tainted syzkaller #0 PREEMPT(full)\nCall Trace:\n \u003cTASK\u003e\n ife_encode_meta_u32+0x153/0x180 net/sched/act_ife.c:101\n tcf_ife_encode net/sched/act_ife.c:841 [inline]\n tcf_ife_act+0x1022/0x1de0 net/sched/act_ife.c:877\n tc_act include/net/tc_wrapper.h:130 [inline]\n tcf_action_exec+0x1c0/0xa20 net/sched/act_api.c:1152\n tcf_exts_exec include/net/pkt_cls.h:349 [inline]\n mall_classify+0x1a0/0x2a0 net/sched/cls_matchall.c:42\n tc_classify include/net/tc_wrapper.h:197 [inline]\n __tcf_classify net/sched/cls_api.c:1764 [inline]\n tcf_classify+0x7f2/0x1380 net/sched/cls_api.c:1860\n multiq_classify net/sched/sch_multiq.c:39 [inline]\n multiq_enqueue+0xe0/0x510 net/sched/sch_multiq.c:66\n dev_qdisc_enqueue+0x45/0x250 net/core/dev.c:4147\n __dev_xmit_skb net/core/dev.c:4262 [inline]\n __dev_queue_xmit+0x2998/0x46c0 net/core/dev.c:4798",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23064",
"url": "https://www.suse.com/security/cve/CVE-2026-23064"
},
{
"category": "external",
"summary": "SUSE Bug 1257765 for CVE-2026-23064",
"url": "https://bugzilla.suse.com/1257765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23064"
},
{
"cve": "CVE-2026-23068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23068"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-sprd-adi: Fix double free in probe error path\n\nThe driver currently uses spi_alloc_host() to allocate the controller\nbut registers it using devm_spi_register_controller().\n\nIf devm_register_restart_handler() fails, the code jumps to the\nput_ctlr label and calls spi_controller_put(). However, since the\ncontroller was registered via a devm function, the device core will\nautomatically call spi_controller_put() again when the probe fails.\nThis results in a double-free of the spi_controller structure.\n\nFix this by switching to devm_spi_alloc_host() and removing the\nmanual spi_controller_put() call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23068",
"url": "https://www.suse.com/security/cve/CVE-2026-23068"
},
{
"category": "external",
"summary": "SUSE Bug 1257805 for CVE-2026-23068",
"url": "https://bugzilla.suse.com/1257805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23068"
},
{
"cve": "CVE-2026-23071",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23071"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: Fix race condition in hwspinlock irqsave routine\n\nPreviously, the address of the shared member \u0027\u0026map-\u003espinlock_flags\u0027 was\npassed directly to \u0027hwspin_lock_timeout_irqsave\u0027. This creates a race\ncondition where multiple contexts contending for the lock could overwrite\nthe shared flags variable, potentially corrupting the state for the\ncurrent lock owner.\n\nFix this by using a local stack variable \u0027flags\u0027 to store the IRQ state\ntemporarily.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23071",
"url": "https://www.suse.com/security/cve/CVE-2026-23071"
},
{
"category": "external",
"summary": "SUSE Bug 1257706 for CVE-2026-23071",
"url": "https://bugzilla.suse.com/1257706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23071"
},
{
"cve": "CVE-2026-23073",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23073"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rsi: Fix memory corruption due to not set vif driver data size\n\nThe struct ieee80211_vif contains trailing space for vif driver data,\nwhen struct ieee80211_vif is allocated, the total memory size that is\nallocated is sizeof(struct ieee80211_vif) + size of vif driver data.\nThe size of vif driver data is set by each WiFi driver as needed.\n\nThe RSI911x driver does not set vif driver data size, no trailing space\nfor vif driver data is therefore allocated past struct ieee80211_vif .\nThe RSI911x driver does however use the vif driver data to store its\nvif driver data structure \"struct vif_priv\". An access to vif-\u003edrv_priv\nleads to access out of struct ieee80211_vif bounds and corruption of\nsome memory.\n\nIn case of the failure observed locally, rsi_mac80211_add_interface()\nwould write struct vif_priv *vif_info = (struct vif_priv *)vif-\u003edrv_priv;\nvif_info-\u003evap_id = vap_idx. This write corrupts struct fq_tin member\nstruct list_head new_flows . The flow = list_first_entry(head, struct\nfq_flow, flowchain); in fq_tin_reset() then reports non-NULL bogus\naddress, which when accessed causes a crash.\n\nThe trigger is very simple, boot the machine with init=/bin/sh , mount\ndevtmpfs, sysfs, procfs, and then do \"ip link set wlan0 up\", \"sleep 1\",\n\"ip link set wlan0 down\" and the crash occurs.\n\nFix this by setting the correct size of vif driver data, which is the\nsize of \"struct vif_priv\", so that memory is allocated and the driver\ncan store its driver data in it, instead of corrupting memory around\nit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23073",
"url": "https://www.suse.com/security/cve/CVE-2026-23073"
},
{
"category": "external",
"summary": "SUSE Bug 1257707 for CVE-2026-23073",
"url": "https://bugzilla.suse.com/1257707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23073"
},
{
"cve": "CVE-2026-23074",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23074"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Enforce that teql can only be used as root qdisc\n\nDesign intent of teql is that it is only supposed to be used as root qdisc.\nWe need to check for that constraint.\n\nAlthough not important, I will describe the scenario that unearthed this\nissue for the curious.\n\nGangMin Kim \u003ckm.kim1503@gmail.com\u003e managed to concot a scenario as follows:\n\nROOT qdisc 1:0 (QFQ)\n \u251c\u2500\u2500 class 1:1 (weight=15, lmax=16384) netem with delay 6.4s\n \u2500\u2500 class 1:2 (weight=1, lmax=1514) teql\n\nGangMin sends a packet which is enqueued to 1:1 (netem).\nAny invocation of dequeue by QFQ from this class will not return a packet\nuntil after 6.4s. In the meantime, a second packet is sent and it lands on\n1:2. teql\u0027s enqueue will return success and this will activate class 1:2.\nMain issue is that teql only updates the parent visible qlen (sch-\u003eq.qlen)\nat dequeue. Since QFQ will only call dequeue if peek succeeds (and teql\u0027s\npeek always returns NULL), dequeue will never be called and thus the qlen\nwill remain as 0. With that in mind, when GangMin updates 1:2\u0027s lmax value,\nthe qfq_change_class calls qfq_deact_rm_from_agg. Since the child qdisc\u0027s\nqlen was not incremented, qfq fails to deactivate the class, but still\nfrees its pointers from the aggregate. So when the first packet is\nrescheduled after 6.4 seconds (netem\u0027s delay), a dangling pointer is\naccessed causing GangMin\u0027s causing a UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23074",
"url": "https://www.suse.com/security/cve/CVE-2026-23074"
},
{
"category": "external",
"summary": "SUSE Bug 1257749 for CVE-2026-23074",
"url": "https://bugzilla.suse.com/1257749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2026-23074"
},
{
"cve": "CVE-2026-23076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23076"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ctxfi: Fix potential OOB access in audio mixer handling\n\nIn the audio mixer handling code of ctxfi driver, the conf field is\nused as a kind of loop index, and it\u0027s referred in the index callbacks\n(amixer_index() and sum_index()).\n\nAs spotted recently by fuzzers, the current code causes OOB access at\nthose functions.\n| UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48\n| index 8 is out of range for type \u0027unsigned char [8]\u0027\n\nAfter the analysis, the cause was found to be the lack of the proper\n(re-)initialization of conj field.\n\nThis patch addresses those OOB accesses by adding the proper\ninitializations of the loop indices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23076",
"url": "https://www.suse.com/security/cve/CVE-2026-23076"
},
{
"category": "external",
"summary": "SUSE Bug 1257788 for CVE-2026-23076",
"url": "https://bugzilla.suse.com/1257788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23076"
},
{
"cve": "CVE-2026-23078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23078"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: scarlett2: Fix buffer overflow in config retrieval\n\nThe scarlett2_usb_get_config() function has a logic error in the\nendianness conversion code that can cause buffer overflows when\ncount \u003e 1.\n\nThe code checks `if (size == 2)` where `size` is the total buffer size in\nbytes, then loops `count` times treating each element as u16 (2 bytes).\nThis causes the loop to access `count * 2` bytes when the buffer only\nhas `size` bytes allocated.\n\nFix by checking the element size (config_item-\u003esize) instead of the\ntotal buffer size. This ensures the endianness conversion matches the\nactual element type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23078",
"url": "https://www.suse.com/security/cve/CVE-2026-23078"
},
{
"category": "external",
"summary": "SUSE Bug 1257789 for CVE-2026-23078",
"url": "https://bugzilla.suse.com/1257789"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23078"
},
{
"cve": "CVE-2026-23080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23080"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak\n\nFix similar memory leak as in commit 7352e1d5932a (\"can: gs_usb:\ngs_usb_receive_bulk_callback(): fix URB memory leak\").\n\nIn mcba_usb_probe() -\u003e mcba_usb_start(), the URBs for USB-in transfers are\nallocated, added to the priv-\u003erx_submitted anchor and submitted. In the\ncomplete callback mcba_usb_read_bulk_callback(), the URBs are processed and\nresubmitted. In mcba_usb_close() -\u003e mcba_urb_unlink() the URBs are freed by\ncalling usb_kill_anchored_urbs(\u0026priv-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in usb_kill_anchored_urbs().\n\nFix the memory leak by anchoring the URB in the\nmcba_usb_read_bulk_callback()to the priv-\u003erx_submitted anchor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23080",
"url": "https://www.suse.com/security/cve/CVE-2026-23080"
},
{
"category": "external",
"summary": "SUSE Bug 1257714 for CVE-2026-23080",
"url": "https://bugzilla.suse.com/1257714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23080"
},
{
"cve": "CVE-2026-23082",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23082"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error\n\nIn commit 7352e1d5932a (\"can: gs_usb: gs_usb_receive_bulk_callback(): fix\nURB memory leak\"), the URB was re-anchored before usb_submit_urb() in\ngs_usb_receive_bulk_callback() to prevent a leak of this URB during\ncleanup.\n\nHowever, this patch did not take into account that usb_submit_urb() could\nfail. The URB remains anchored and\nusb_kill_anchored_urbs(\u0026parent-\u003erx_submitted) in gs_can_close() loops\ninfinitely since the anchor list never becomes empty.\n\nTo fix the bug, unanchor the URB when an usb_submit_urb() error occurs,\nalso print an info message.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23082",
"url": "https://www.suse.com/security/cve/CVE-2026-23082"
},
{
"category": "external",
"summary": "SUSE Bug 1257715 for CVE-2026-23082",
"url": "https://bugzilla.suse.com/1257715"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23082"
},
{
"cve": "CVE-2026-23083",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23083"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfou: Don\u0027t allow 0 for FOU_ATTR_IPPROTO.\n\nfou_udp_recv() has the same problem mentioned in the previous\npatch.\n\nIf FOU_ATTR_IPPROTO is set to 0, skb is not freed by\nfou_udp_recv() nor \"resubmit\"-ted in ip_protocol_deliver_rcu().\n\nLet\u0027s forbid 0 for FOU_ATTR_IPPROTO.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23083",
"url": "https://www.suse.com/security/cve/CVE-2026-23083"
},
{
"category": "external",
"summary": "SUSE Bug 1257745 for CVE-2026-23083",
"url": "https://bugzilla.suse.com/1257745"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "low"
}
],
"title": "CVE-2026-23083"
},
{
"cve": "CVE-2026-23084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23084"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list\n\nWhen the parameter pmac_id_valid argument of be_cmd_get_mac_from_list() is\nset to false, the driver may request the PMAC_ID from the firmware of the\nnetwork card, and this function will store that PMAC_ID at the provided\naddress pmac_id. This is the contract of this function.\n\nHowever, there is a location within the driver where both\npmac_id_valid == false and pmac_id == NULL are being passed. This could\nresult in dereferencing a NULL pointer.\n\nTo resolve this issue, it is necessary to pass the address of a stub\nvariable to the function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23084",
"url": "https://www.suse.com/security/cve/CVE-2026-23084"
},
{
"category": "external",
"summary": "SUSE Bug 1257830 for CVE-2026-23084",
"url": "https://bugzilla.suse.com/1257830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23084"
},
{
"cve": "CVE-2026-23085",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23085"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3-its: Avoid truncating memory addresses\n\nOn 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem\nallocations to be backed by addresses physical memory above the 32-bit\naddress limit, as found while experimenting with larger VMSPLIT\nconfigurations.\n\nThis caused the qemu virt model to crash in the GICv3 driver, which\nallocates the \u0027itt\u0027 object using GFP_KERNEL. Since all memory below\nthe 4GB physical address limit is in ZONE_DMA in this configuration,\nkmalloc() defaults to higher addresses for ZONE_NORMAL, and the\nITS driver stores the physical address in a 32-bit \u0027unsigned long\u0027\nvariable.\n\nChange the itt_addr variable to the correct phys_addr_t type instead,\nalong with all other variables in this driver that hold a physical\naddress.\n\nThe gicv5 driver correctly uses u64 variables, while all other irqchip\ndrivers don\u0027t call virt_to_phys or similar interfaces. It\u0027s expected that\nother device drivers have similar issues, but fixing this one is\nsufficient for booting a virtio based guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23085",
"url": "https://www.suse.com/security/cve/CVE-2026-23085"
},
{
"category": "external",
"summary": "SUSE Bug 1257758 for CVE-2026-23085",
"url": "https://bugzilla.suse.com/1257758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23085"
},
{
"cve": "CVE-2026-23086",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23086"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: cap TX credit to local buffer size\n\nThe virtio transports derives its TX credit directly from peer_buf_alloc,\nwhich is set from the remote endpoint\u0027s SO_VM_SOCKETS_BUFFER_SIZE value.\n\nOn the host side this means that the amount of data we are willing to\nqueue for a connection is scaled by a guest-chosen buffer size, rather\nthan the host\u0027s own vsock configuration. A malicious guest can advertise\na large buffer and read slowly, causing the host to allocate a\ncorrespondingly large amount of sk_buff memory.\nThe same thing would happen in the guest with a malicious host, since\nvirtio transports share the same code base.\n\nIntroduce a small helper, virtio_transport_tx_buf_size(), that\nreturns min(peer_buf_alloc, buf_alloc), and use it wherever we consume\npeer_buf_alloc.\n\nThis ensures the effective TX window is bounded by both the peer\u0027s\nadvertised buffer and our own buf_alloc (already clamped to\nbuffer_max_size via SO_VM_SOCKETS_BUFFER_MAX_SIZE), so a remote peer\ncannot force the other to queue more data than allowed by its own\nvsock settings.\n\nOn an unpatched Ubuntu 22.04 host (~64 GiB RAM), running a PoC with\n32 guest vsock connections advertising 2 GiB each and reading slowly\ndrove Slab/SUnreclaim from ~0.5 GiB to ~57 GiB; the system only\nrecovered after killing the QEMU process. That said, if QEMU memory is\nlimited with cgroups, the maximum memory used will be limited.\n\nWith this patch applied:\n\n Before:\n MemFree: ~61.6 GiB\n Slab: ~142 MiB\n SUnreclaim: ~117 MiB\n\n After 32 high-credit connections:\n MemFree: ~61.5 GiB\n Slab: ~178 MiB\n SUnreclaim: ~152 MiB\n\nOnly ~35 MiB increase in Slab/SUnreclaim, no host OOM, and the guest\nremains responsive.\n\nCompatibility with non-virtio transports:\n\n - VMCI uses the AF_VSOCK buffer knobs to size its queue pairs per\n socket based on the local vsk-\u003ebuffer_* values; the remote side\n cannot enlarge those queues beyond what the local endpoint\n configured.\n\n - Hyper-V\u0027s vsock transport uses fixed-size VMBus ring buffers and\n an MTU bound; there is no peer-controlled credit field comparable\n to peer_buf_alloc, and the remote endpoint cannot drive in-flight\n kernel memory above those ring sizes.\n\n - The loopback path reuses virtio_transport_common.c, so it\n naturally follows the same semantics as the virtio transport.\n\nThis change is limited to virtio_transport_common.c and thus affects\nvirtio-vsock, vhost-vsock, and loopback, bringing them in line with the\n\"remote window intersected with local policy\" behaviour that VMCI and\nHyper-V already effectively have.\n\n[Stefano: small adjustments after changing the previous patch]\n[Stefano: tweak the commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23086",
"url": "https://www.suse.com/security/cve/CVE-2026-23086"
},
{
"category": "external",
"summary": "SUSE Bug 1257757 for CVE-2026-23086",
"url": "https://bugzilla.suse.com/1257757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23086"
},
{
"cve": "CVE-2026-23089",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23089"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()\n\nWhen snd_usb_create_mixer() fails, snd_usb_mixer_free() frees\nmixer-\u003eid_elems but the controls already added to the card still\nreference the freed memory. Later when snd_card_register() runs,\nthe OSS mixer layer calls their callbacks and hits a use-after-free read.\n\nCall trace:\n get_ctl_value+0x63f/0x820 sound/usb/mixer.c:411\n get_min_max_with_quirks.isra.0+0x240/0x1f40 sound/usb/mixer.c:1241\n mixer_ctl_feature_info+0x26b/0x490 sound/usb/mixer.c:1381\n snd_mixer_oss_build_test+0x174/0x3a0 sound/core/oss/mixer_oss.c:887\n ...\n snd_card_register+0x4ed/0x6d0 sound/core/init.c:923\n usb_audio_probe+0x5ef/0x2a90 sound/usb/card.c:1025\n\nFix by calling snd_ctl_remove() for all mixer controls before freeing\nid_elems. We save the next pointer first because snd_ctl_remove()\nfrees the current element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23089",
"url": "https://www.suse.com/security/cve/CVE-2026-23089"
},
{
"category": "external",
"summary": "SUSE Bug 1257790 for CVE-2026-23089",
"url": "https://bugzilla.suse.com/1257790"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23089"
},
{
"cve": "CVE-2026-23090",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23090"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nslimbus: core: fix device reference leak on report present\n\nSlimbus devices can be allocated dynamically upon reception of\nreport-present messages.\n\nMake sure to drop the reference taken when looking up already registered\ndevices.\n\nNote that this requires taking an extra reference in case the device has\nnot yet been registered and has to be allocated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23090",
"url": "https://www.suse.com/security/cve/CVE-2026-23090"
},
{
"category": "external",
"summary": "SUSE Bug 1257759 for CVE-2026-23090",
"url": "https://bugzilla.suse.com/1257759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23090"
},
{
"cve": "CVE-2026-23091",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23091"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nintel_th: fix device leak on output open()\n\nMake sure to drop the reference taken when looking up the th device\nduring output device open() on errors and on close().\n\nNote that a recent commit fixed the leak in a couple of open() error\npaths but not all of them, and the reference is still leaking on\nsuccessful open().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23091",
"url": "https://www.suse.com/security/cve/CVE-2026-23091"
},
{
"category": "external",
"summary": "SUSE Bug 1257813 for CVE-2026-23091",
"url": "https://bugzilla.suse.com/1257813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23091"
},
{
"cve": "CVE-2026-23094",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23094"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: fix isolate sysfs check condition\n\nuacce supports the device isolation feature. If the driver\nimplements the isolate_err_threshold_read and\nisolate_err_threshold_write callback functions, uacce will create\nsysfs files now. Users can read and configure the isolation policy\nthrough sysfs. Currently, sysfs files are created as long as either\nisolate_err_threshold_read or isolate_err_threshold_write callback\nfunctions are present.\n\nHowever, accessing a non-existent callback function may cause the\nsystem to crash. Therefore, intercept the creation of sysfs if\nneither read nor write exists; create sysfs if either is supported,\nbut intercept unsupported operations at the call site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23094",
"url": "https://www.suse.com/security/cve/CVE-2026-23094"
},
{
"category": "external",
"summary": "SUSE Bug 1257811 for CVE-2026-23094",
"url": "https://bugzilla.suse.com/1257811"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23094"
},
{
"cve": "CVE-2026-23095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23095"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngue: Fix skb memleak with inner IP protocol 0.\n\nsyzbot reported skb memleak below. [0]\n\nThe repro generated a GUE packet with its inner protocol 0.\n\ngue_udp_recv() returns -guehdr-\u003eproto_ctype for \"resubmit\"\nin ip_protocol_deliver_rcu(), but this only works with\nnon-zero protocol number.\n\nLet\u0027s drop such packets.\n\nNote that 0 is a valid number (IPv6 Hop-by-Hop Option).\n\nI think it is not practical to encap HOPOPT in GUE, so once\nsomeone starts to complain, we could pass down a resubmit\nflag pointer to distinguish two zeros from the upper layer:\n\n * no error\n * resubmit HOPOPT\n\n[0]\nBUG: memory leak\nunreferenced object 0xffff888109695a00 (size 240):\n comm \"syz.0.17\", pid 6088, jiffies 4294943096\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 40 c2 10 81 88 ff ff 00 00 00 00 00 00 00 00 .@..............\n backtrace (crc a84b336f):\n kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n slab_post_alloc_hook mm/slub.c:4958 [inline]\n slab_alloc_node mm/slub.c:5263 [inline]\n kmem_cache_alloc_noprof+0x3b4/0x590 mm/slub.c:5270\n __build_skb+0x23/0x60 net/core/skbuff.c:474\n build_skb+0x20/0x190 net/core/skbuff.c:490\n __tun_build_skb drivers/net/tun.c:1541 [inline]\n tun_build_skb+0x4a1/0xa40 drivers/net/tun.c:1636\n tun_get_user+0xc12/0x2030 drivers/net/tun.c:1770\n tun_chr_write_iter+0x71/0x120 drivers/net/tun.c:1999\n new_sync_write fs/read_write.c:593 [inline]\n vfs_write+0x45d/0x710 fs/read_write.c:686\n ksys_write+0xa7/0x170 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23095",
"url": "https://www.suse.com/security/cve/CVE-2026-23095"
},
{
"category": "external",
"summary": "SUSE Bug 1257808 for CVE-2026-23095",
"url": "https://bugzilla.suse.com/1257808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23095"
},
{
"cve": "CVE-2026-23096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23096"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nuacce: fix cdev handling in the cleanup path\n\nWhen cdev_device_add fails, it internally releases the cdev memory,\nand if cdev_device_del is then executed, it will cause a hang error.\nTo fix it, we check the return value of cdev_device_add() and clear\nuacce-\u003ecdev to avoid calling cdev_device_del in the uacce_remove.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23096",
"url": "https://www.suse.com/security/cve/CVE-2026-23096"
},
{
"category": "external",
"summary": "SUSE Bug 1257809 for CVE-2026-23096",
"url": "https://bugzilla.suse.com/1257809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23096"
},
{
"cve": "CVE-2026-23099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23099"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: limit BOND_MODE_8023AD to Ethernet devices\n\nBOND_MODE_8023AD makes sense for ARPHRD_ETHER only.\n\nsyzbot reported:\n\n BUG: KASAN: global-out-of-bounds in __hw_addr_create net/core/dev_addr_lists.c:63 [inline]\n BUG: KASAN: global-out-of-bounds in __hw_addr_add_ex+0x25d/0x760 net/core/dev_addr_lists.c:118\nRead of size 16 at addr ffffffff8bf94040 by task syz.1.3580/19497\n\nCPU: 1 UID: 0 PID: 19497 Comm: syz.1.3580 Tainted: G L syzkaller #0 PREEMPT(full)\nTainted: [L]=SOFTLOCKUP\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xe8/0x150 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xca/0x240 mm/kasan/report.c:482\n kasan_report+0x118/0x150 mm/kasan/report.c:595\n check_region_inline mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x2b0/0x2c0 mm/kasan/generic.c:200\n __asan_memcpy+0x29/0x70 mm/kasan/shadow.c:105\n __hw_addr_create net/core/dev_addr_lists.c:63 [inline]\n __hw_addr_add_ex+0x25d/0x760 net/core/dev_addr_lists.c:118\n __dev_mc_add net/core/dev_addr_lists.c:868 [inline]\n dev_mc_add+0xa1/0x120 net/core/dev_addr_lists.c:886\n bond_enslave+0x2b8b/0x3ac0 drivers/net/bonding/bond_main.c:2180\n do_set_master+0x533/0x6d0 net/core/rtnetlink.c:2963\n do_setlink+0xcf0/0x41c0 net/core/rtnetlink.c:3165\n rtnl_changelink net/core/rtnetlink.c:3776 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3935 [inline]\n rtnl_newlink+0x161c/0x1c90 net/core/rtnetlink.c:4072\n rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6958\n netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2550\n netlink_unicast_kernel net/netlink/af_netlink.c:1318 [inline]\n netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1344\n netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1894\n sock_sendmsg_nosec net/socket.c:727 [inline]\n __sock_sendmsg+0x21c/0x270 net/socket.c:742\n ____sys_sendmsg+0x505/0x820 net/socket.c:2592\n ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2646\n __sys_sendmsg+0x164/0x220 net/socket.c:2678\n do_syscall_32_irqs_on arch/x86/entry/syscall_32.c:83 [inline]\n __do_fast_syscall_32+0x1dc/0x560 arch/x86/entry/syscall_32.c:307\n do_fast_syscall_32+0x34/0x80 arch/x86/entry/syscall_32.c:332\n entry_SYSENTER_compat_after_hwframe+0x84/0x8e\n \u003c/TASK\u003e\n\nThe buggy address belongs to the variable:\n lacpdu_mcast_addr+0x0/0x40",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23099",
"url": "https://www.suse.com/security/cve/CVE-2026-23099"
},
{
"category": "external",
"summary": "SUSE Bug 1257816 for CVE-2026-23099",
"url": "https://bugzilla.suse.com/1257816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23099"
},
{
"cve": "CVE-2026-23101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23101"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nleds: led-class: Only Add LED to leds_list when it is fully ready\n\nBefore this change the LED was added to leds_list before led_init_core()\ngets called adding it the list before led_classdev.set_brightness_work gets\ninitialized.\n\nThis leaves a window where led_trigger_register() of a LED\u0027s default\ntrigger will call led_trigger_set() which calls led_set_brightness()\nwhich in turn will end up queueing the *uninitialized*\nled_classdev.set_brightness_work.\n\nThis race gets hit by the lenovo-thinkpad-t14s EC driver which registers\n2 LEDs with a default trigger provided by snd_ctl_led.ko in quick\nsuccession. The first led_classdev_register() causes an async modprobe of\nsnd_ctl_led to run and that async modprobe manages to exactly hit\nthe window where the second LED is on the leds_list without led_init_core()\nbeing called for it, resulting in:\n\n ------------[ cut here ]------------\n WARNING: CPU: 11 PID: 5608 at kernel/workqueue.c:4234 __flush_work+0x344/0x390\n Hardware name: LENOVO 21N2S01F0B/21N2S01F0B, BIOS N42ET93W (2.23 ) 09/01/2025\n ...\n Call trace:\n __flush_work+0x344/0x390 (P)\n flush_work+0x2c/0x50\n led_trigger_set+0x1c8/0x340\n led_trigger_register+0x17c/0x1c0\n led_trigger_register_simple+0x84/0xe8\n snd_ctl_led_init+0x40/0xf88 [snd_ctl_led]\n do_one_initcall+0x5c/0x318\n do_init_module+0x9c/0x2b8\n load_module+0x7e0/0x998\n\nClose the race window by moving the adding of the LED to leds_list to\nafter the led_init_core() call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23101",
"url": "https://www.suse.com/security/cve/CVE-2026-23101"
},
{
"category": "external",
"summary": "SUSE Bug 1257768 for CVE-2026-23101",
"url": "https://bugzilla.suse.com/1257768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23101"
},
{
"cve": "CVE-2026-23102",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23102"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: signal: Fix restoration of SVE context\n\nWhen SME is supported, Restoring SVE signal context can go wrong in a\nfew ways, including placing the task into an invalid state where the\nkernel may read from out-of-bounds memory (and may potentially take a\nfatal fault) and/or may kill the task with a SIGKILL.\n\n(1) Restoring a context with SVE_SIG_FLAG_SM set can place the task into\n an invalid state where SVCR.SM is set (and sve_state is non-NULL)\n but TIF_SME is clear, consequently resuting in out-of-bounds memory\n reads and/or killing the task with SIGKILL.\n\n This can only occur in unusual (but legitimate) cases where the SVE\n signal context has either been modified by userspace or was saved in\n the context of another task (e.g. as with CRIU), as otherwise the\n presence of an SVE signal context with SVE_SIG_FLAG_SM implies that\n TIF_SME is already set.\n\n While in this state, task_fpsimd_load() will NOT configure SMCR_ELx\n (leaving some arbitrary value configured in hardware) before\n restoring SVCR and attempting to restore the streaming mode SVE\n registers from memory via sve_load_state(). As the value of\n SMCR_ELx.LEN may be larger than the task\u0027s streaming SVE vector\n length, this may read memory outside of the task\u0027s allocated\n sve_state, reading unrelated data and/or triggering a fault.\n\n While this can result in secrets being loaded into streaming SVE\n registers, these values are never exposed. As TIF_SME is clear,\n fpsimd_bind_task_to_cpu() will configure CPACR_ELx.SMEN to trap EL0\n accesses to streaming mode SVE registers, so these cannot be\n accessed directly at EL0. As fpsimd_save_user_state() verifies the\n live vector length before saving (S)SVE state to memory, no secret\n values can be saved back to memory (and hence cannot be observed via\n ptrace, signals, etc).\n\n When the live vector length doesn\u0027t match the expected vector length\n for the task, fpsimd_save_user_state() will send a fatal SIGKILL\n signal to the task. Hence the task may be killed after executing\n userspace for some period of time.\n\n(2) Restoring a context with SVE_SIG_FLAG_SM clear does not clear the\n task\u0027s SVCR.SM. If SVCR.SM was set prior to restoring the context,\n then the task will be left in streaming mode unexpectedly, and some\n register state will be combined inconsistently, though the task will\n be left in legitimate state from the kernel\u0027s PoV.\n\n This can only occur in unusual (but legitimate) cases where ptrace\n has been used to set SVCR.SM after entry to the sigreturn syscall,\n as syscall entry clears SVCR.SM.\n\n In these cases, the the provided SVE register data will be loaded\n into the task\u0027s sve_state using the non-streaming SVE vector length\n and the FPSIMD registers will be merged into this using the\n streaming SVE vector length.\n\nFix (1) by setting TIF_SME when setting SVCR.SM. This also requires\nensuring that the task\u0027s sme_state has been allocated, but as this could\ncontain live ZA state, it should not be zeroed. Fix (2) by clearing\nSVCR.SM when restoring a SVE signal context with SVE_SIG_FLAG_SM clear.\n\nFor consistency, I\u0027ve pulled the manipulation of SVCR, TIF_SVE, TIF_SME,\nand fp_type earlier, immediately after the allocation of\nsve_state/sme_state, before the restore of the actual register state.\nThis makes it easier to ensure that these are always modified\nconsistently, even if a fault is taken while reading the register data\nfrom the signal context. I do not expect any software to depend on the\nexact state restored when a fault is taken while reading the context.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23102",
"url": "https://www.suse.com/security/cve/CVE-2026-23102"
},
{
"category": "external",
"summary": "SUSE Bug 1257772 for CVE-2026-23102",
"url": "https://bugzilla.suse.com/1257772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23102"
},
{
"cve": "CVE-2026-23104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23104"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix devlink reload call trace\n\nCommit 4da71a77fc3b (\"ice: read internal temperature sensor\") introduced\ninternal temperature sensor reading via HWMON. ice_hwmon_init() was added\nto ice_init_feature() and ice_hwmon_exit() was added to ice_remove(). As a\nresult if devlink reload is used to reinit the device and then the driver\nis removed, a call trace can occur.\n\nBUG: unable to handle page fault for address: ffffffffc0fd4b5d\nCall Trace:\n string+0x48/0xe0\n vsnprintf+0x1f9/0x650\n sprintf+0x62/0x80\n name_show+0x1f/0x30\n dev_attr_show+0x19/0x60\n\nThe call trace repeats approximately every 10 minutes when system\nmonitoring tools (e.g., sadc) attempt to read the orphaned hwmon sysfs\nattributes that reference freed module memory.\n\nThe sequence is:\n1. Driver load, ice_hwmon_init() gets called from ice_init_feature()\n2. Devlink reload down, flow does not call ice_remove()\n3. Devlink reload up, ice_hwmon_init() gets called from\n ice_init_feature() resulting in a second instance\n4. Driver unload, ice_hwmon_exit() called from ice_remove() leaving the\n first hwmon instance orphaned with dangling pointer\n\nFix this by moving ice_hwmon_exit() from ice_remove() to\nice_deinit_features() to ensure proper cleanup symmetry with\nice_hwmon_init().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23104",
"url": "https://www.suse.com/security/cve/CVE-2026-23104"
},
{
"category": "external",
"summary": "SUSE Bug 1257763 for CVE-2026-23104",
"url": "https://bugzilla.suse.com/1257763"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23104"
},
{
"cve": "CVE-2026-23105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23105"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag\n\nThis is more of a preventive patch to make the code more consistent and\nto prevent possible exploits that employ child qlen manipulations on qfq.\nuse cl_is_active instead of relying on the child qdisc\u0027s qlen to determine\nclass activation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23105",
"url": "https://www.suse.com/security/cve/CVE-2026-23105"
},
{
"category": "external",
"summary": "SUSE Bug 1257775 for CVE-2026-23105",
"url": "https://bugzilla.suse.com/1257775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23105"
},
{
"cve": "CVE-2026-23107",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23107"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/fpsimd: signal: Allocate SSVE storage when restoring ZA\n\nThe code to restore a ZA context doesn\u0027t attempt to allocate the task\u0027s\nsve_state before setting TIF_SME. Consequently, restoring a ZA context\ncan place a task into an invalid state where TIF_SME is set but the\ntask\u0027s sve_state is NULL.\n\nIn legitimate but uncommon cases where the ZA signal context was NOT\ncreated by the kernel in the context of the same task (e.g. if the task\nis saved/restored with something like CRIU), we have no guarantee that\nsve_state had been allocated previously. In these cases, userspace can\nenter streaming mode without trapping while sve_state is NULL, causing a\nlater NULL pointer dereference when the kernel attempts to store the\nregister state:\n\n| # ./sigreturn-za\n| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n| Mem abort info:\n| ESR = 0x0000000096000046\n| EC = 0x25: DABT (current EL), IL = 32 bits\n| SET = 0, FnV = 0\n| EA = 0, S1PTW = 0\n| FSC = 0x06: level 2 translation fault\n| Data abort info:\n| ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000\n| CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n| GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n| user pgtable: 4k pages, 52-bit VAs, pgdp=0000000101f47c00\n| [0000000000000000] pgd=08000001021d8403, p4d=0800000102274403, pud=0800000102275403, pmd=0000000000000000\n| Internal error: Oops: 0000000096000046 [#1] SMP\n| Modules linked in:\n| CPU: 0 UID: 0 PID: 153 Comm: sigreturn-za Not tainted 6.19.0-rc1 #1 PREEMPT\n| Hardware name: linux,dummy-virt (DT)\n| pstate: 214000c9 (nzCv daIF +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n| pc : sve_save_state+0x4/0xf0\n| lr : fpsimd_save_user_state+0xb0/0x1c0\n| sp : ffff80008070bcc0\n| x29: ffff80008070bcc0 x28: fff00000c1ca4c40 x27: 63cfa172fb5cf658\n| x26: fff00000c1ca5228 x25: 0000000000000000 x24: 0000000000000000\n| x23: 0000000000000000 x22: fff00000c1ca4c40 x21: fff00000c1ca4c40\n| x20: 0000000000000020 x19: fff00000ff6900f0 x18: 0000000000000000\n| x17: fff05e8e0311f000 x16: 0000000000000000 x15: 028fca8f3bdaf21c\n| x14: 0000000000000212 x13: fff00000c0209f10 x12: 0000000000000020\n| x11: 0000000000200b20 x10: 0000000000000000 x9 : fff00000ff69dcc0\n| x8 : 00000000000003f2 x7 : 0000000000000001 x6 : fff00000c1ca5b48\n| x5 : fff05e8e0311f000 x4 : 0000000008000000 x3 : 0000000000000000\n| x2 : 0000000000000001 x1 : fff00000c1ca5970 x0 : 0000000000000440\n| Call trace:\n| sve_save_state+0x4/0xf0 (P)\n| fpsimd_thread_switch+0x48/0x198\n| __switch_to+0x20/0x1c0\n| __schedule+0x36c/0xce0\n| schedule+0x34/0x11c\n| exit_to_user_mode_loop+0x124/0x188\n| el0_interrupt+0xc8/0xd8\n| __el0_irq_handler_common+0x18/0x24\n| el0t_64_irq_handler+0x10/0x1c\n| el0t_64_irq+0x198/0x19c\n| Code: 54000040 d51b4408 d65f03c0 d503245f (e5bb5800)\n| ---[ end trace 0000000000000000 ]---\n\nFix this by having restore_za_context() ensure that the task\u0027s sve_state\nis allocated, matching what we do when taking an SME trap. Any live\nSVE/SSVE state (which is restored earlier from a separate signal\ncontext) must be preserved, and hence this is not zeroed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23107",
"url": "https://www.suse.com/security/cve/CVE-2026-23107"
},
{
"category": "external",
"summary": "SUSE Bug 1257762 for CVE-2026-23107",
"url": "https://bugzilla.suse.com/1257762"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23107"
},
{
"cve": "CVE-2026-23108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23108"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak\n\nFix similar memory leak as in commit 7352e1d5932a (\"can: gs_usb:\ngs_usb_receive_bulk_callback(): fix URB memory leak\").\n\nIn usb_8dev_open() -\u003e usb_8dev_start(), the URBs for USB-in transfers are\nallocated, added to the priv-\u003erx_submitted anchor and submitted. In the\ncomplete callback usb_8dev_read_bulk_callback(), the URBs are processed and\nresubmitted. In usb_8dev_close() -\u003e unlink_all_urbs() the URBs are freed by\ncalling usb_kill_anchored_urbs(\u0026priv-\u003erx_submitted).\n\nHowever, this does not take into account that the USB framework unanchors\nthe URB before the complete function is called. This means that once an\nin-URB has been completed, it is no longer anchored and is ultimately not\nreleased in usb_kill_anchored_urbs().\n\nFix the memory leak by anchoring the URB in the\nusb_8dev_read_bulk_callback() to the priv-\u003erx_submitted anchor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23108",
"url": "https://www.suse.com/security/cve/CVE-2026-23108"
},
{
"category": "external",
"summary": "SUSE Bug 1257770 for CVE-2026-23108",
"url": "https://bugzilla.suse.com/1257770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23108"
},
{
"cve": "CVE-2026-23110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23110"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Wake up the error handler when final completions race against each other\n\nThe fragile ordering between marking commands completed or failed so\nthat the error handler only wakes when the last running command\ncompletes or times out has race conditions. These race conditions can\ncause the SCSI layer to fail to wake the error handler, leaving I/O\nthrough the SCSI host stuck as the error state cannot advance.\n\nFirst, there is an memory ordering issue within scsi_dec_host_busy().\nThe write which clears SCMD_STATE_INFLIGHT may be reordered with reads\ncounting in scsi_host_busy(). While the local CPU will see its own\nwrite, reordering can allow other CPUs in scsi_dec_host_busy() or\nscsi_eh_inc_host_failed() to see a raised busy count, causing no CPU to\nsee a host busy equal to the host_failed count.\n\nThis race condition can be prevented with a memory barrier on the error\npath to force the write to be visible before counting host busy\ncommands.\n\nSecond, there is a general ordering issue with scsi_eh_inc_host_failed(). By\ncounting busy commands before incrementing host_failed, it can race with a\nfinal command in scsi_dec_host_busy(), such that scsi_dec_host_busy() does\nnot see host_failed incremented but scsi_eh_inc_host_failed() counts busy\ncommands before SCMD_STATE_INFLIGHT is cleared by scsi_dec_host_busy(),\nresulting in neither waking the error handler task.\n\nThis needs the call to scsi_host_busy() to be moved after host_failed is\nincremented to close the race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23110",
"url": "https://www.suse.com/security/cve/CVE-2026-23110"
},
{
"category": "external",
"summary": "SUSE Bug 1257761 for CVE-2026-23110",
"url": "https://bugzilla.suse.com/1257761"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23110"
},
{
"cve": "CVE-2026-23111",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23111"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate()\n\nnft_map_catchall_activate() has an inverted element activity check\ncompared to its non-catchall counterpart nft_mapelem_activate() and\ncompared to what is logically required.\n\nnft_map_catchall_activate() is called from the abort path to re-activate\ncatchall map elements that were deactivated during a failed transaction.\nIt should skip elements that are already active (they don\u0027t need\nre-activation) and process elements that are inactive (they need to be\nrestored). Instead, the current code does the opposite: it skips inactive\nelements and processes active ones.\n\nCompare the non-catchall activate callback, which is correct:\n\n nft_mapelem_activate():\n if (nft_set_elem_active(ext, iter-\u003egenmask))\n return 0; /* skip active, process inactive */\n\nWith the buggy catchall version:\n\n nft_map_catchall_activate():\n if (!nft_set_elem_active(ext, genmask))\n continue; /* skip inactive, process active */\n\nThe consequence is that when a DELSET operation is aborted,\nnft_setelem_data_activate() is never called for the catchall element.\nFor NFT_GOTO verdict elements, this means nft_data_hold() is never\ncalled to restore the chain-\u003euse reference count. Each abort cycle\npermanently decrements chain-\u003euse. Once chain-\u003euse reaches zero,\nDELCHAIN succeeds and frees the chain while catchall verdict elements\nstill reference it, resulting in a use-after-free.\n\nThis is exploitable for local privilege escalation from an unprivileged\nuser via user namespaces + nftables on distributions that enable\nCONFIG_USER_NS and CONFIG_NF_TABLES.\n\nFix by removing the negation so the check matches nft_mapelem_activate():\nskip active elements, process inactive ones.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23111",
"url": "https://www.suse.com/security/cve/CVE-2026-23111"
},
{
"category": "external",
"summary": "SUSE Bug 1258181 for CVE-2026-23111",
"url": "https://bugzilla.suse.com/1258181"
},
{
"category": "external",
"summary": "SUSE Bug 1258183 for CVE-2026-23111",
"url": "https://bugzilla.suse.com/1258183"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2026-23111"
},
{
"cve": "CVE-2026-23112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23112"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec\n\nnvmet_tcp_build_pdu_iovec() could walk past cmd-\u003ereq.sg when a PDU\nlength or offset exceeds sg_cnt and then use bogus sg-\u003elength/offset\nvalues, leading to _copy_to_iter() GPF/KASAN. Guard sg_idx, remaining\nentries, and sg-\u003elength/offset before building the bvec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23112",
"url": "https://www.suse.com/security/cve/CVE-2026-23112"
},
{
"category": "external",
"summary": "SUSE Bug 1258184 for CVE-2026-23112",
"url": "https://bugzilla.suse.com/1258184"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23112"
},
{
"cve": "CVE-2026-23113",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23113"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop\n\nCurrently this is checked before running the pending work. Normally this\nis quite fine, as work items either end up blocking (which will create a\nnew worker for other items), or they complete fairly quickly. But syzbot\nreports an issue where io-wq takes seemingly forever to exit, and with a\nbit of debugging, this turns out to be because it queues a bunch of big\n(2GB - 4096b) reads with a /dev/msr* file. Since this file type doesn\u0027t\nsupport -\u003eread_iter(), loop_rw_iter() ends up handling them. Each read\nreturns 16MB of data read, which takes 20 (!!) seconds. With a bunch of\nthese pending, processing the whole chain can take a long time. Easily\nlonger than the syzbot uninterruptible sleep timeout of 140 seconds.\nThis then triggers a complaint off the io-wq exit path:\n\nINFO: task syz.4.135:6326 blocked for more than 143 seconds.\n Not tainted syzkaller #0\n Blocked by coredump.\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz.4.135 state:D stack:26824 pid:6326 tgid:6324 ppid:5957 task_flags:0x400548 flags:0x00080000\nCall Trace:\n \u003cTASK\u003e\n context_switch kernel/sched/core.c:5256 [inline]\n __schedule+0x1139/0x6150 kernel/sched/core.c:6863\n __schedule_loop kernel/sched/core.c:6945 [inline]\n schedule+0xe7/0x3a0 kernel/sched/core.c:6960\n schedule_timeout+0x257/0x290 kernel/time/sleep_timeout.c:75\n do_wait_for_common kernel/sched/completion.c:100 [inline]\n __wait_for_common+0x2fc/0x4e0 kernel/sched/completion.c:121\n io_wq_exit_workers io_uring/io-wq.c:1328 [inline]\n io_wq_put_and_exit+0x271/0x8a0 io_uring/io-wq.c:1356\n io_uring_clean_tctx+0x10d/0x190 io_uring/tctx.c:203\n io_uring_cancel_generic+0x69c/0x9a0 io_uring/cancel.c:651\n io_uring_files_cancel include/linux/io_uring.h:19 [inline]\n do_exit+0x2ce/0x2bd0 kernel/exit.c:911\n do_group_exit+0xd3/0x2a0 kernel/exit.c:1112\n get_signal+0x2671/0x26d0 kernel/signal.c:3034\n arch_do_signal_or_restart+0x8f/0x7e0 arch/x86/kernel/signal.c:337\n __exit_to_user_mode_loop kernel/entry/common.c:41 [inline]\n exit_to_user_mode_loop+0x8c/0x540 kernel/entry/common.c:75\n __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]\n syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]\n do_syscall_64+0x4ee/0xf80 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa02738f749\nRSP: 002b:00007fa0281ae0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca\nRAX: fffffffffffffe00 RBX: 00007fa0275e6098 RCX: 00007fa02738f749\nRDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fa0275e6098\nRBP: 00007fa0275e6090 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007fa0275e6128 R14: 00007fff14e4fcb0 R15: 00007fff14e4fd98\n\nThere\u0027s really nothing wrong here, outside of processing these reads\nwill take a LONG time. However, we can speed up the exit by checking the\nIO_WQ_BIT_EXIT inside the io_worker_handle_work() loop, as syzbot will\nexit the ring after queueing up all of these reads. Then once the first\nitem is processed, io-wq will simply cancel the rest. That should avoid\nsyzbot running into this complaint again.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23113",
"url": "https://www.suse.com/security/cve/CVE-2026-23113"
},
{
"category": "external",
"summary": "SUSE Bug 1258278 for CVE-2026-23113",
"url": "https://bugzilla.suse.com/1258278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23113"
},
{
"cve": "CVE-2026-23116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu\n\nFor i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset\nand clock enable bits, but is ungated and reset together with the VPUs.\nSo we can\u0027t reset G1 or G2 separately, it may led to the system hang.\nRemove rst_mask and clk_mask of imx8mq_vpu_blk_ctl_domain_data.\nLet imx8mq_vpu_power_notifier() do really vpu reset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23116",
"url": "https://www.suse.com/security/cve/CVE-2026-23116"
},
{
"category": "external",
"summary": "SUSE Bug 1258277 for CVE-2026-23116",
"url": "https://bugzilla.suse.com/1258277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23116"
},
{
"cve": "CVE-2026-23119",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23119"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: provide a net pointer to __skb_flow_dissect()\n\nAfter 3cbf4ffba5ee (\"net: plumb network namespace into __skb_flow_dissect\")\nwe have to provide a net pointer to __skb_flow_dissect(),\neither via skb-\u003edev, skb-\u003esk, or a user provided pointer.\n\nIn the following case, syzbot was able to cook a bare skb.\n\nWARNING: net/core/flow_dissector.c:1131 at __skb_flow_dissect+0xb57/0x68b0 net/core/flow_dissector.c:1131, CPU#1: syz.2.1418/11053\nCall Trace:\n \u003cTASK\u003e\n bond_flow_dissect drivers/net/bonding/bond_main.c:4093 [inline]\n __bond_xmit_hash+0x2d7/0xba0 drivers/net/bonding/bond_main.c:4157\n bond_xmit_hash_xdp drivers/net/bonding/bond_main.c:4208 [inline]\n bond_xdp_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5139 [inline]\n bond_xdp_get_xmit_slave+0x1fd/0x710 drivers/net/bonding/bond_main.c:5515\n xdp_master_redirect+0x13f/0x2c0 net/core/filter.c:4388\n bpf_prog_run_xdp include/net/xdp.h:700 [inline]\n bpf_test_run+0x6b2/0x7d0 net/bpf/test_run.c:421\n bpf_prog_test_run_xdp+0x795/0x10e0 net/bpf/test_run.c:1390\n bpf_prog_test_run+0x2c7/0x340 kernel/bpf/syscall.c:4703\n __sys_bpf+0x562/0x860 kernel/bpf/syscall.c:6182\n __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23119",
"url": "https://www.suse.com/security/cve/CVE-2026-23119"
},
{
"category": "external",
"summary": "SUSE Bug 1258273 for CVE-2026-23119",
"url": "https://bugzilla.suse.com/1258273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23119"
},
{
"cve": "CVE-2026-23121",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23121"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: annotate data-race around dev-\u003ework\n\ndev-\u003ework can re read locklessly in mISDN_read()\nand mISDN_poll(). Add READ_ONCE()/WRITE_ONCE() annotations.\n\nBUG: KCSAN: data-race in mISDN_ioctl / mISDN_read\n\nwrite to 0xffff88812d848280 of 4 bytes by task 10864 on cpu 1:\n misdn_add_timer drivers/isdn/mISDN/timerdev.c:175 [inline]\n mISDN_ioctl+0x2fb/0x550 drivers/isdn/mISDN/timerdev.c:233\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0xce/0x140 fs/ioctl.c:583\n __x64_sys_ioctl+0x43/0x50 fs/ioctl.c:583\n x64_sys_call+0x14b0/0x3000 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88812d848280 of 4 bytes by task 10857 on cpu 0:\n mISDN_read+0x1f2/0x470 drivers/isdn/mISDN/timerdev.c:112\n do_loop_readv_writev fs/read_write.c:847 [inline]\n vfs_readv+0x3fb/0x690 fs/read_write.c:1020\n do_readv+0xe7/0x210 fs/read_write.c:1080\n __do_sys_readv fs/read_write.c:1165 [inline]\n __se_sys_readv fs/read_write.c:1162 [inline]\n __x64_sys_readv+0x45/0x50 fs/read_write.c:1162\n x64_sys_call+0x2831/0x3000 arch/x86/include/generated/asm/syscalls_64.h:20\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xd8/0x2c0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nvalue changed: 0x00000000 -\u003e 0x00000001",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23121",
"url": "https://www.suse.com/security/cve/CVE-2026-23121"
},
{
"category": "external",
"summary": "SUSE Bug 1258309 for CVE-2026-23121",
"url": "https://bugzilla.suse.com/1258309"
},
{
"category": "external",
"summary": "SUSE Bug 1259135 for CVE-2026-23121",
"url": "https://bugzilla.suse.com/1259135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2026-23121"
},
{
"cve": "CVE-2026-23129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23129"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: Prevent duplicate registrations\n\nModify the internal registration helpers dpll_xa_ref_{dpll,pin}_add()\nto reject duplicate registration attempts.\n\nPreviously, if a caller attempted to register the same pin multiple\ntimes (with the same ops, priv, and cookie) on the same device, the core\nsilently increments the reference count and return success. This behavior\nis incorrect because if the caller makes these duplicate registrations\nthen for the first one dpll_pin_registration is allocated and for others\nthe associated dpll_pin_ref.refcount is incremented. During the first\nunregistration the associated dpll_pin_registration is freed and for\nothers WARN is fired.\n\nFix this by updating the logic to return `-EEXIST` if a matching\nregistration is found to enforce a strict \"register once\" policy.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23129",
"url": "https://www.suse.com/security/cve/CVE-2026-23129"
},
{
"category": "external",
"summary": "SUSE Bug 1258299 for CVE-2026-23129",
"url": "https://bugzilla.suse.com/1258299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23129"
},
{
"cve": "CVE-2026-23133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: fix dma_free_coherent() pointer\n\ndma_alloc_coherent() allocates a DMA mapped buffer and stores the\naddresses in XXX_unaligned fields. Those should be reused when freeing\nthe buffer rather than the aligned addresses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23133",
"url": "https://www.suse.com/security/cve/CVE-2026-23133"
},
{
"category": "external",
"summary": "SUSE Bug 1258249 for CVE-2026-23133",
"url": "https://bugzilla.suse.com/1258249"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23133"
},
{
"cve": "CVE-2026-23135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23135"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix dma_free_coherent() pointer\n\ndma_alloc_coherent() allocates a DMA mapped buffer and stores the\naddresses in XXX_unaligned fields. Those should be reused when freeing\nthe buffer rather than the aligned addresses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23135",
"url": "https://www.suse.com/security/cve/CVE-2026-23135"
},
{
"category": "external",
"summary": "SUSE Bug 1258245 for CVE-2026-23135",
"url": "https://bugzilla.suse.com/1258245"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23135"
},
{
"cve": "CVE-2026-23139",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23139"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conncount: update last_gc only when GC has been performed\n\nCurrently last_gc is being updated everytime a new connection is\ntracked, that means that it is updated even if a GC wasn\u0027t performed.\nWith a sufficiently high packet rate, it is possible to always bypass\nthe GC, causing the list to grow infinitely.\n\nUpdate the last_gc value only when a GC has been actually performed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23139",
"url": "https://www.suse.com/security/cve/CVE-2026-23139"
},
{
"category": "external",
"summary": "SUSE Bug 1258304 for CVE-2026-23139",
"url": "https://bugzilla.suse.com/1258304"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23139"
},
{
"cve": "CVE-2026-23141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23141"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: send: check for inline extents in range_is_hole_in_parent()\n\nBefore accessing the disk_bytenr field of a file extent item we need\nto check if we are dealing with an inline extent.\nThis is because for inline extents their data starts at the offset of\nthe disk_bytenr field. So accessing the disk_bytenr\nmeans we are accessing inline data or in case the inline data is less\nthan 8 bytes we can actually cause an invalid\nmemory access if this inline extent item is the first item in the leaf\nor access metadata from other items.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23141",
"url": "https://www.suse.com/security/cve/CVE-2026-23141"
},
{
"category": "external",
"summary": "SUSE Bug 1258377 for CVE-2026-23141",
"url": "https://bugzilla.suse.com/1258377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23141"
},
{
"cve": "CVE-2026-23145",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23145"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix iloc.bh leak in ext4_xattr_inode_update_ref\n\nThe error branch for ext4_xattr_inode_update_ref forget to release the\nrefcount for iloc.bh. Find this when review code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23145",
"url": "https://www.suse.com/security/cve/CVE-2026-23145"
},
{
"category": "external",
"summary": "SUSE Bug 1258326 for CVE-2026-23145",
"url": "https://bugzilla.suse.com/1258326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23145"
},
{
"cve": "CVE-2026-23146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23146"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work\n\nhci_uart_set_proto() sets HCI_UART_PROTO_INIT before calling\nhci_uart_register_dev(), which calls proto-\u003eopen() to initialize\nhu-\u003epriv. However, if a TTY write wakeup occurs during this window,\nhci_uart_tx_wakeup() may schedule write_work before hu-\u003epriv is\ninitialized, leading to a NULL pointer dereference in\nhci_uart_write_work() when proto-\u003edequeue() accesses hu-\u003epriv.\n\nThe race condition is:\n\n CPU0 CPU1\n ---- ----\n hci_uart_set_proto()\n set_bit(HCI_UART_PROTO_INIT)\n hci_uart_register_dev()\n tty write wakeup\n hci_uart_tty_wakeup()\n hci_uart_tx_wakeup()\n schedule_work(\u0026hu-\u003ewrite_work)\n proto-\u003eopen(hu)\n // initializes hu-\u003epriv\n hci_uart_write_work()\n hci_uart_dequeue()\n proto-\u003edequeue(hu)\n // accesses hu-\u003epriv (NULL!)\n\nFix this by moving set_bit(HCI_UART_PROTO_INIT) after proto-\u003eopen()\nsucceeds, ensuring hu-\u003epriv is initialized before any work can be\nscheduled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23146",
"url": "https://www.suse.com/security/cve/CVE-2026-23146"
},
{
"category": "external",
"summary": "SUSE Bug 1258234 for CVE-2026-23146",
"url": "https://bugzilla.suse.com/1258234"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23146"
},
{
"cve": "CVE-2026-23150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: Fix memleak in nfc_llcp_send_ui_frame().\n\nsyzbot reported various memory leaks related to NFC, struct\nnfc_llcp_sock, sk_buff, nfc_dev, etc. [0]\n\nThe leading log hinted that nfc_llcp_send_ui_frame() failed\nto allocate skb due to sock_error(sk) being -ENXIO.\n\nENXIO is set by nfc_llcp_socket_release() when struct\nnfc_llcp_local is destroyed by local_cleanup().\n\nThe problem is that there is no synchronisation between\nnfc_llcp_send_ui_frame() and local_cleanup(), and skb\ncould be put into local-\u003etx_queue after it was purged in\nlocal_cleanup():\n\n CPU1 CPU2\n ---- ----\n nfc_llcp_send_ui_frame() local_cleanup()\n |- do { \u0027\n |- pdu = nfc_alloc_send_skb(..., \u0026err)\n | .\n | |- nfc_llcp_socket_release(local, false, ENXIO);\n | |- skb_queue_purge(\u0026local-\u003etx_queue); |\n | \u0027 |\n |- skb_queue_tail(\u0026local-\u003etx_queue, pdu); |\n ... |\n |- pdu = nfc_alloc_send_skb(..., \u0026err) |\n ^._________________________________.\u0027\n\nlocal_cleanup() is called for struct nfc_llcp_local only\nafter nfc_llcp_remove_local() unlinks it from llcp_devices.\n\nIf we hold local-\u003etx_queue.lock then, we can synchronise\nthe thread and nfc_llcp_send_ui_frame().\n\nLet\u0027s do that and check list_empty(\u0026local-\u003elist) before\nqueuing skb to local-\u003etx_queue in nfc_llcp_send_ui_frame().\n\n[0]:\n[ 56.074943][ T6096] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-6)\n[ 64.318868][ T5813] kmemleak: 6 new suspected memory leaks (see /sys/kernel/debug/kmemleak)\nBUG: memory leak\nunreferenced object 0xffff8881272f6800 (size 1024):\n comm \"syz.0.17\", pid 6096, jiffies 4294942766\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 27 00 03 40 00 00 00 00 00 00 00 00 00 00 00 00 \u0027..@............\n backtrace (crc da58d84d):\n kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n slab_post_alloc_hook mm/slub.c:4979 [inline]\n slab_alloc_node mm/slub.c:5284 [inline]\n __do_kmalloc_node mm/slub.c:5645 [inline]\n __kmalloc_noprof+0x3e3/0x6b0 mm/slub.c:5658\n kmalloc_noprof include/linux/slab.h:961 [inline]\n sk_prot_alloc+0x11a/0x1b0 net/core/sock.c:2239\n sk_alloc+0x36/0x360 net/core/sock.c:2295\n nfc_llcp_sock_alloc+0x37/0x130 net/nfc/llcp_sock.c:979\n llcp_sock_create+0x71/0xd0 net/nfc/llcp_sock.c:1044\n nfc_sock_create+0xc9/0xf0 net/nfc/af_nfc.c:31\n __sock_create+0x1a9/0x340 net/socket.c:1605\n sock_create net/socket.c:1663 [inline]\n __sys_socket_create net/socket.c:1700 [inline]\n __sys_socket+0xb9/0x1a0 net/socket.c:1747\n __do_sys_socket net/socket.c:1761 [inline]\n __se_sys_socket net/socket.c:1759 [inline]\n __x64_sys_socket+0x1b/0x30 net/socket.c:1759\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xa4/0xfa0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nBUG: memory leak\nunreferenced object 0xffff88810fbd9800 (size 240):\n comm \"syz.0.17\", pid 6096, jiffies 4294942850\n hex dump (first 32 bytes):\n 68 f0 ff 08 81 88 ff ff 68 f0 ff 08 81 88 ff ff h.......h.......\n 00 00 00 00 00 00 00 00 00 68 2f 27 81 88 ff ff .........h/\u0027....\n backtrace (crc 6cc652b1):\n kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n slab_post_alloc_hook mm/slub.c:4979 [inline]\n slab_alloc_node mm/slub.c:5284 [inline]\n kmem_cache_alloc_node_noprof+0x36f/0x5e0 mm/slub.c:5336\n __alloc_skb+0x203/0x240 net/core/skbuff.c:660\n alloc_skb include/linux/skbuff.h:1383 [inline]\n alloc_skb_with_frags+0x69/0x3f0 net/core/sk\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23150",
"url": "https://www.suse.com/security/cve/CVE-2026-23150"
},
{
"category": "external",
"summary": "SUSE Bug 1258354 for CVE-2026-23150",
"url": "https://bugzilla.suse.com/1258354"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23150"
},
{
"cve": "CVE-2026-23151",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23151"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: MGMT: Fix memory leak in set_ssp_complete\n\nFix memory leak in set_ssp_complete() where mgmt_pending_cmd structures\nare not freed after being removed from the pending list.\n\nCommit 302a1f674c00 (\"Bluetooth: MGMT: Fix possible UAFs\") replaced\nmgmt_pending_foreach() calls with individual command handling but missed\nadding mgmt_pending_free() calls in both error and success paths of\nset_ssp_complete(). Other completion functions like set_le_complete()\nwere fixed correctly in the same commit.\n\nThis causes a memory leak of the mgmt_pending_cmd structure and its\nassociated parameter data for each SSP command that completes.\n\nAdd the missing mgmt_pending_free(cmd) calls in both code paths to fix\nthe memory leak. Also fix the same issue in set_advertising_complete().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23151",
"url": "https://www.suse.com/security/cve/CVE-2026-23151"
},
{
"category": "external",
"summary": "SUSE Bug 1258237 for CVE-2026-23151",
"url": "https://bugzilla.suse.com/1258237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23151"
},
{
"cve": "CVE-2026-23152",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23152"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: correctly decode TTLM with default link map\n\nTID-To-Link Mapping (TTLM) elements do not contain any link mapping\npresence indicator if a default mapping is used and parsing needs to be\nskipped.\n\nNote that access points should not explicitly report an advertised TTLM\nwith a default mapping as that is the implied mapping if the element is\nnot included, this is even the case when switching back to the default\nmapping. However, mac80211 would incorrectly parse the frame and would\nalso read one byte beyond the end of the element.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23152",
"url": "https://www.suse.com/security/cve/CVE-2026-23152"
},
{
"category": "external",
"summary": "SUSE Bug 1258252 for CVE-2026-23152",
"url": "https://bugzilla.suse.com/1258252"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23152"
},
{
"cve": "CVE-2026-23155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23155"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: gs_usb: gs_usb_receive_bulk_callback(): fix error message\n\nSinc commit 79a6d1bfe114 (\"can: gs_usb: gs_usb_receive_bulk_callback():\nunanchor URL on usb_submit_urb() error\") a failing resubmit URB will print\nan info message.\n\nIn the case of a short read where netdev has not yet been assigned,\ninitialize as NULL to avoid dereferencing an undefined value. Also report\nthe error value of the failed resubmit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23155",
"url": "https://www.suse.com/security/cve/CVE-2026-23155"
},
{
"category": "external",
"summary": "SUSE Bug 1258313 for CVE-2026-23155",
"url": "https://bugzilla.suse.com/1258313"
},
{
"category": "external",
"summary": "SUSE Bug 1258315 for CVE-2026-23155",
"url": "https://bugzilla.suse.com/1258315"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2026-23155"
},
{
"cve": "CVE-2026-23156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23156"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: fix error propagation in efivar_entry_get()\n\nefivar_entry_get() always returns success even if the underlying\n__efivar_entry_get() fails, masking errors.\n\nThis may result in uninitialized heap memory being copied to userspace\nin the efivarfs_file_read() path.\n\nFix it by returning the error from __efivar_entry_get().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23156",
"url": "https://www.suse.com/security/cve/CVE-2026-23156"
},
{
"category": "external",
"summary": "SUSE Bug 1258317 for CVE-2026-23156",
"url": "https://bugzilla.suse.com/1258317"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23156"
},
{
"cve": "CVE-2026-23163",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23163"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove\n\nOn APUs such as Raven and Renoir (GC 9.1.0, 9.2.2, 9.3.0), the ih1 and\nih2 interrupt ring buffers are not initialized. This is by design, as\nthese secondary IH rings are only available on discrete GPUs. See\nvega10_ih_sw_init() which explicitly skips ih1/ih2 initialization when\nAMD_IS_APU is set.\n\nHowever, amdgpu_gmc_filter_faults_remove() unconditionally uses ih1 to\nget the timestamp of the last interrupt entry. When retry faults are\nenabled on APUs (noretry=0), this function is called from the SVM page\nfault recovery path, resulting in a NULL pointer dereference when\namdgpu_ih_decode_iv_ts_helper() attempts to access ih-\u003ering[].\n\nThe crash manifests as:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000004\n RIP: 0010:amdgpu_ih_decode_iv_ts_helper+0x22/0x40 [amdgpu]\n Call Trace:\n amdgpu_gmc_filter_faults_remove+0x60/0x130 [amdgpu]\n svm_range_restore_pages+0xae5/0x11c0 [amdgpu]\n amdgpu_vm_handle_fault+0xc8/0x340 [amdgpu]\n gmc_v9_0_process_interrupt+0x191/0x220 [amdgpu]\n amdgpu_irq_dispatch+0xed/0x2c0 [amdgpu]\n amdgpu_ih_process+0x84/0x100 [amdgpu]\n\nThis issue was exposed by commit 1446226d32a4 (\"drm/amdgpu: Remove GC HW\nIP 9.3.0 from noretry=1\") which changed the default for Renoir APU from\nnoretry=1 to noretry=0, enabling retry fault handling and thus\nexercising the buggy code path.\n\nFix this by adding a check for ih1.ring_size before attempting to use\nit. Also restore the soft_ih support from commit dd299441654f (\"drm/amdgpu:\nRework retry fault removal\"). This is needed if the hardware doesn\u0027t\nsupport secondary HW IH rings.\n\nv2: additional updates (Alex)\n\n(cherry picked from commit 6ce8d536c80aa1f059e82184f0d1994436b1d526)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23163",
"url": "https://www.suse.com/security/cve/CVE-2026-23163"
},
{
"category": "external",
"summary": "SUSE Bug 1258544 for CVE-2026-23163",
"url": "https://bugzilla.suse.com/1258544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23163"
},
{
"cve": "CVE-2026-23166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23166"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix NULL pointer dereference in ice_vsi_set_napi_queues\n\nAdd NULL pointer checks in ice_vsi_set_napi_queues() to prevent crashes\nduring resume from suspend when rings[q_idx]-\u003eq_vector is NULL.\n\nTested adaptor:\n60:00.0 Ethernet controller [0200]: Intel Corporation Ethernet Controller E810-XXV for SFP [8086:159b] (rev 02)\n Subsystem: Intel Corporation Ethernet Network Adapter E810-XXV-2 [8086:4003]\n\nSR-IOV state: both disabled and enabled can reproduce this issue.\n\nkernel version: v6.18\n\nReproduce steps:\nBoot up and execute suspend like systemctl suspend or rtcwake.\n\nLog:\n\u003c1\u003e[ 231.443607] BUG: kernel NULL pointer dereference, address: 0000000000000040\n\u003c1\u003e[ 231.444052] #PF: supervisor read access in kernel mode\n\u003c1\u003e[ 231.444484] #PF: error_code(0x0000) - not-present page\n\u003c6\u003e[ 231.444913] PGD 0 P4D 0\n\u003c4\u003e[ 231.445342] Oops: Oops: 0000 [#1] SMP NOPTI\n\u003c4\u003e[ 231.446635] RIP: 0010:netif_queue_set_napi+0xa/0x170\n\u003c4\u003e[ 231.447067] Code: 31 f6 31 ff c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 48 85 c9 74 0b \u003c48\u003e 83 79 30 00 0f 84 39 01 00 00 55 41 89 d1 49 89 f8 89 f2 48 89\n\u003c4\u003e[ 231.447513] RSP: 0018:ffffcc780fc078c0 EFLAGS: 00010202\n\u003c4\u003e[ 231.447961] RAX: ffff8b848ca30400 RBX: ffff8b848caf2028 RCX: 0000000000000010\n\u003c4\u003e[ 231.448443] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8b848dbd4000\n\u003c4\u003e[ 231.448896] RBP: ffffcc780fc078e8 R08: 0000000000000000 R09: 0000000000000000\n\u003c4\u003e[ 231.449345] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001\n\u003c4\u003e[ 231.449817] R13: ffff8b848dbd4000 R14: ffff8b84833390c8 R15: 0000000000000000\n\u003c4\u003e[ 231.450265] FS: 00007c7b29e9d740(0000) GS:ffff8b8c068e2000(0000) knlGS:0000000000000000\n\u003c4\u003e[ 231.450715] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\u003c4\u003e[ 231.451179] CR2: 0000000000000040 CR3: 000000030626f004 CR4: 0000000000f72ef0\n\u003c4\u003e[ 231.451629] PKRU: 55555554\n\u003c4\u003e[ 231.452076] Call Trace:\n\u003c4\u003e[ 231.452549] \u003cTASK\u003e\n\u003c4\u003e[ 231.452996] ? ice_vsi_set_napi_queues+0x4d/0x110 [ice]\n\u003c4\u003e[ 231.453482] ice_resume+0xfd/0x220 [ice]\n\u003c4\u003e[ 231.453977] ? __pfx_pci_pm_resume+0x10/0x10\n\u003c4\u003e[ 231.454425] pci_pm_resume+0x8c/0x140\n\u003c4\u003e[ 231.454872] ? __pfx_pci_pm_resume+0x10/0x10\n\u003c4\u003e[ 231.455347] dpm_run_callback+0x5f/0x160\n\u003c4\u003e[ 231.455796] ? dpm_wait_for_superior+0x107/0x170\n\u003c4\u003e[ 231.456244] device_resume+0x177/0x270\n\u003c4\u003e[ 231.456708] dpm_resume+0x209/0x2f0\n\u003c4\u003e[ 231.457151] dpm_resume_end+0x15/0x30\n\u003c4\u003e[ 231.457596] suspend_devices_and_enter+0x1da/0x2b0\n\u003c4\u003e[ 231.458054] enter_state+0x10e/0x570\n\nAdd defensive checks for both the ring pointer and its q_vector\nbefore dereferencing, allowing the system to resume successfully even when\nq_vectors are unmapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23166",
"url": "https://www.suse.com/security/cve/CVE-2026-23166"
},
{
"category": "external",
"summary": "SUSE Bug 1258272 for CVE-2026-23166",
"url": "https://bugzilla.suse.com/1258272"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23166"
},
{
"cve": "CVE-2026-23167",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23167"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: Fix race between rfkill and nci_unregister_device().\n\nsyzbot reported the splat below [0] without a repro.\n\nIt indicates that struct nci_dev.cmd_wq had been destroyed before\nnci_close_device() was called via rfkill.\n\nnci_dev.cmd_wq is only destroyed in nci_unregister_device(), which\n(I think) was called from virtual_ncidev_close() when syzbot close()d\nan fd of virtual_ncidev.\n\nThe problem is that nci_unregister_device() destroys nci_dev.cmd_wq\nfirst and then calls nfc_unregister_device(), which removes the\ndevice from rfkill by rfkill_unregister().\n\nSo, the device is still visible via rfkill even after nci_dev.cmd_wq\nis destroyed.\n\nLet\u0027s unregister the device from rfkill first in nci_unregister_device().\n\nNote that we cannot call nfc_unregister_device() before\nnci_close_device() because\n\n 1) nfc_unregister_device() calls device_del() which frees\n all memory allocated by devm_kzalloc() and linked to\n ndev-\u003econn_info_list\n\n 2) nci_rx_work() could try to queue nci_conn_info to\n ndev-\u003econn_info_list which could be leaked\n\nThus, nfc_unregister_device() is split into two functions so we\ncan remove rfkill interfaces only before nci_close_device().\n\n[0]:\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: kernel/locking/lockdep.c:238 at hlock_class kernel/locking/lockdep.c:238 [inline], CPU#0: syz.0.8675/6349\nWARNING: kernel/locking/lockdep.c:238 at check_wait_context kernel/locking/lockdep.c:4854 [inline], CPU#0: syz.0.8675/6349\nWARNING: kernel/locking/lockdep.c:238 at __lock_acquire+0x39d/0x2cf0 kernel/locking/lockdep.c:5187, CPU#0: syz.0.8675/6349\nModules linked in:\nCPU: 0 UID: 0 PID: 6349 Comm: syz.0.8675 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026\nRIP: 0010:hlock_class kernel/locking/lockdep.c:238 [inline]\nRIP: 0010:check_wait_context kernel/locking/lockdep.c:4854 [inline]\nRIP: 0010:__lock_acquire+0x3a4/0x2cf0 kernel/locking/lockdep.c:5187\nCode: 18 00 4c 8b 74 24 08 75 27 90 e8 17 f2 fc 02 85 c0 74 1c 83 3d 50 e0 4e 0e 00 75 13 48 8d 3d 43 f7 51 0e 48 c7 c6 8b 3a de 8d \u003c67\u003e 48 0f b9 3a 90 31 c0 0f b6 98 c4 00 00 00 41 8b 45 20 25 ff 1f\nRSP: 0018:ffffc9000c767680 EFLAGS: 00010046\nRAX: 0000000000000001 RBX: 0000000000040000 RCX: 0000000000080000\nRDX: ffffc90013080000 RSI: ffffffff8dde3a8b RDI: ffffffff8ff24ca0\nRBP: 0000000000000003 R08: ffffffff8fef35a3 R09: 1ffffffff1fde6b4\nR10: dffffc0000000000 R11: fffffbfff1fde6b5 R12: 00000000000012a2\nR13: ffff888030338ba8 R14: ffff888030338000 R15: ffff888030338b30\nFS: 00007fa5995f66c0(0000) GS:ffff8881256f8000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f7e72f842d0 CR3: 00000000485a0000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0x106/0x330 kernel/locking/lockdep.c:5868\n touch_wq_lockdep_map+0xcb/0x180 kernel/workqueue.c:3940\n __flush_workqueue+0x14b/0x14f0 kernel/workqueue.c:3982\n nci_close_device+0x302/0x630 net/nfc/nci/core.c:567\n nci_dev_down+0x3b/0x50 net/nfc/nci/core.c:639\n nfc_dev_down+0x152/0x290 net/nfc/core.c:161\n nfc_rfkill_set_block+0x2d/0x100 net/nfc/core.c:179\n rfkill_set_block+0x1d2/0x440 net/rfkill/core.c:346\n rfkill_fop_write+0x461/0x5a0 net/rfkill/core.c:1301\n vfs_write+0x29a/0xb90 fs/read_write.c:684\n ksys_write+0x150/0x270 fs/read_write.c:738\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe2/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fa59b39acb9\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fa5995f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fa59b615fa0 RCX: 00007fa59b39acb9\nRDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000007\nRBP: 00007fa59b408bf7 R08: \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23167",
"url": "https://www.suse.com/security/cve/CVE-2026-23167"
},
{
"category": "external",
"summary": "SUSE Bug 1258374 for CVE-2026-23167",
"url": "https://bugzilla.suse.com/1258374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23167"
},
{
"cve": "CVE-2026-23170",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23170"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/imx/tve: fix probe device leak\n\nMake sure to drop the reference taken to the DDC device during probe on\nprobe failure (e.g. probe deferral) and on driver unbind.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23170",
"url": "https://www.suse.com/security/cve/CVE-2026-23170"
},
{
"category": "external",
"summary": "SUSE Bug 1258379 for CVE-2026-23170",
"url": "https://bugzilla.suse.com/1258379"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23170"
},
{
"cve": "CVE-2026-23171",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23171"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix use-after-free due to enslave fail after slave array update\n\nFix a use-after-free which happens due to enslave failure after the new\nslave has been added to the array. Since the new slave can be used for Tx\nimmediately, we can use it after it has been freed by the enslave error\ncleanup path which frees the allocated slave memory. Slave update array is\nsupposed to be called last when further enslave failures are not expected.\nMove it after xdp setup to avoid any problems.\n\nIt is very easy to reproduce the problem with a simple xdp_pass prog:\n ip l add bond1 type bond mode balance-xor\n ip l set bond1 up\n ip l set dev bond1 xdp object xdp_pass.o sec xdp_pass\n ip l add dumdum type dummy\n\nThen run in parallel:\n while :; do ip l set dumdum master bond1 1\u003e/dev/null 2\u003e\u00261; done;\n mausezahn bond1 -a own -b rand -A rand -B 1.1.1.1 -c 0 -t tcp \"dp=1-1023, flags=syn\"\n\nThe crash happens almost immediately:\n [ 605.602850] Oops: general protection fault, probably for non-canonical address 0xe0e6fc2460000137: 0000 [#1] SMP KASAN NOPTI\n [ 605.602916] KASAN: maybe wild-memory-access in range [0x07380123000009b8-0x07380123000009bf]\n [ 605.602946] CPU: 0 UID: 0 PID: 2445 Comm: mausezahn Kdump: loaded Tainted: G B 6.19.0-rc6+ #21 PREEMPT(voluntary)\n [ 605.602979] Tainted: [B]=BAD_PAGE\n [ 605.602998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n [ 605.603032] RIP: 0010:netdev_core_pick_tx+0xcd/0x210\n [ 605.603063] Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 3e 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 6b 08 49 8d 7d 30 48 89 fa 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 25 01 00 00 49 8b 45 30 4c 89 e2 48 89 ee 48 89\n [ 605.603111] RSP: 0018:ffff88817b9af348 EFLAGS: 00010213\n [ 605.603145] RAX: dffffc0000000000 RBX: ffff88817d28b420 RCX: 0000000000000000\n [ 605.603172] RDX: 00e7002460000137 RSI: 0000000000000008 RDI: 07380123000009be\n [ 605.603199] RBP: ffff88817b541a00 R08: 0000000000000001 R09: fffffbfff3ed8c0c\n [ 605.603226] R10: ffffffff9f6c6067 R11: 0000000000000001 R12: 0000000000000000\n [ 605.603253] R13: 073801230000098e R14: ffff88817d28b448 R15: ffff88817b541a84\n [ 605.603286] FS: 00007f6570ef67c0(0000) GS:ffff888221dfa000(0000) knlGS:0000000000000000\n [ 605.603319] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 605.603343] CR2: 00007f65712fae40 CR3: 000000011371b000 CR4: 0000000000350ef0\n [ 605.603373] Call Trace:\n [ 605.603392] \u003cTASK\u003e\n [ 605.603410] __dev_queue_xmit+0x448/0x32a0\n [ 605.603434] ? __pfx_vprintk_emit+0x10/0x10\n [ 605.603461] ? __pfx_vprintk_emit+0x10/0x10\n [ 605.603484] ? __pfx___dev_queue_xmit+0x10/0x10\n [ 605.603507] ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [ 605.603546] ? _printk+0xcb/0x100\n [ 605.603566] ? __pfx__printk+0x10/0x10\n [ 605.603589] ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [ 605.603627] ? add_taint+0x5e/0x70\n [ 605.603648] ? add_taint+0x2a/0x70\n [ 605.603670] ? end_report.cold+0x51/0x75\n [ 605.603693] ? bond_start_xmit+0xbfb/0xc20 [bonding]\n [ 605.603731] bond_start_xmit+0x623/0xc20 [bonding]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23171",
"url": "https://www.suse.com/security/cve/CVE-2026-23171"
},
{
"category": "external",
"summary": "SUSE Bug 1258349 for CVE-2026-23171",
"url": "https://bugzilla.suse.com/1258349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23171"
},
{
"cve": "CVE-2026-23172",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23172"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: t7xx: fix potential skb-\u003efrags overflow in RX path\n\nWhen receiving data in the DPMAIF RX path,\nthe t7xx_dpmaif_set_frag_to_skb() function adds\npage fragments to an skb without checking if the number of\nfragments has exceeded MAX_SKB_FRAGS. This could lead to a buffer overflow\nin skb_shinfo(skb)-\u003efrags[] array, corrupting adjacent memory and\npotentially causing kernel crashes or other undefined behavior.\n\nThis issue was identified through static code analysis by comparing with a\nsimilar vulnerability fixed in the mt76 driver commit b102f0c522cf (\"mt76:\nfix array overflow on receiving too many fragments for a packet\").\n\nThe vulnerability could be triggered if the modem firmware sends packets\nwith excessive fragments. While under normal protocol conditions (MTU 3080\nbytes, BAT buffer 3584 bytes),\na single packet should not require additional\nfragments, the kernel should not blindly trust firmware behavior.\nMalicious, buggy, or compromised firmware could potentially craft packets\nwith more fragments than the kernel expects.\n\nFix this by adding a bounds check before calling skb_add_rx_frag() to\nensure nr_frags does not exceed MAX_SKB_FRAGS.\n\nThe check must be performed before unmapping to avoid a page leak\nand double DMA unmap during device teardown.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23172",
"url": "https://www.suse.com/security/cve/CVE-2026-23172"
},
{
"category": "external",
"summary": "SUSE Bug 1258519 for CVE-2026-23172",
"url": "https://bugzilla.suse.com/1258519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23172"
},
{
"cve": "CVE-2026-23173",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23173"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: TC, delete flows only for existing peers\n\nWhen deleting TC steering flows, iterate only over actual devcom\npeers instead of assuming all possible ports exist. This avoids\ntouching non-existent peers and ensures cleanup is limited to\ndevices the driver is currently connected to.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000008\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 133c8a067 P4D 0\n Oops: Oops: 0002 [#1] SMP\n CPU: 19 UID: 0 PID: 2169 Comm: tc Not tainted 6.18.0+ #156 NONE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:mlx5e_tc_del_fdb_peers_flow+0xbe/0x200 [mlx5_core]\n Code: 00 00 a8 08 74 a8 49 8b 46 18 f6 c4 02 74 9f 4c 8d bf a0 12 00 00 4c 89 ff e8 0e e7 96 e1 49 8b 44 24 08 49 8b 0c 24 4c 89 ff \u003c48\u003e 89 41 08 48 89 08 49 89 2c 24 49 89 5c 24 08 e8 7d ce 96 e1 49\n RSP: 0018:ff11000143867528 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: dead000000000122 RCX: 0000000000000000\n RDX: ff11000143691580 RSI: ff110001026e5000 RDI: ff11000106f3d2a0\n RBP: dead000000000100 R08: 00000000000003fd R09: 0000000000000002\n R10: ff11000101c75690 R11: ff1100085faea178 R12: ff11000115f0ae78\n R13: 0000000000000000 R14: ff11000115f0a800 R15: ff11000106f3d2a0\n FS: 00007f35236bf740(0000) GS:ff110008dc809000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000008 CR3: 0000000157a01001 CR4: 0000000000373eb0\n Call Trace:\n \u003cTASK\u003e\n mlx5e_tc_del_flow+0x46/0x270 [mlx5_core]\n mlx5e_flow_put+0x25/0x50 [mlx5_core]\n mlx5e_delete_flower+0x2a6/0x3e0 [mlx5_core]\n tc_setup_cb_reoffload+0x20/0x80\n fl_reoffload+0x26f/0x2f0 [cls_flower]\n ? mlx5e_tc_reoffload_flows_work+0xc0/0xc0 [mlx5_core]\n ? mlx5e_tc_reoffload_flows_work+0xc0/0xc0 [mlx5_core]\n tcf_block_playback_offloads+0x9e/0x1c0\n tcf_block_unbind+0x7b/0xd0\n tcf_block_setup+0x186/0x1d0\n tcf_block_offload_cmd.isra.0+0xef/0x130\n tcf_block_offload_unbind+0x43/0x70\n __tcf_block_put+0x85/0x160\n ingress_destroy+0x32/0x110 [sch_ingress]\n __qdisc_destroy+0x44/0x100\n qdisc_graft+0x22b/0x610\n tc_get_qdisc+0x183/0x4d0\n rtnetlink_rcv_msg+0x2d7/0x3d0\n ? rtnl_calcit.isra.0+0x100/0x100\n netlink_rcv_skb+0x53/0x100\n netlink_unicast+0x249/0x320\n ? __alloc_skb+0x102/0x1f0\n netlink_sendmsg+0x1e3/0x420\n __sock_sendmsg+0x38/0x60\n ____sys_sendmsg+0x1ef/0x230\n ? copy_msghdr_from_user+0x6c/0xa0\n ___sys_sendmsg+0x7f/0xc0\n ? ___sys_recvmsg+0x8a/0xc0\n ? __sys_sendto+0x119/0x180\n __sys_sendmsg+0x61/0xb0\n do_syscall_64+0x55/0x640\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7f35238bb764\n Code: 15 b9 86 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bf 0f 1f 44 00 00 f3 0f 1e fa 80 3d e5 08 0d 00 00 74 13 b8 2e 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 4c c3 0f 1f 00 55 48 89 e5 48 83 ec 20 89 55\n RSP: 002b:00007ffed4c35638 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 000055a2efcc75e0 RCX: 00007f35238bb764\n RDX: 0000000000000000 RSI: 00007ffed4c356a0 RDI: 0000000000000003\n RBP: 00007ffed4c35710 R08: 0000000000000010 R09: 00007f3523984b20\n R10: 0000000000000004 R11: 0000000000000202 R12: 00007ffed4c35790\n R13: 000000006947df8f R14: 000055a2efcc75e0 R15: 00007ffed4c35780",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23173",
"url": "https://www.suse.com/security/cve/CVE-2026-23173"
},
{
"category": "external",
"summary": "SUSE Bug 1258520 for CVE-2026-23173",
"url": "https://bugzilla.suse.com/1258520"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23173"
},
{
"cve": "CVE-2026-23176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23176"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: toshiba_haps: Fix memory leaks in add/remove routines\n\ntoshiba_haps_add() leaks the haps object allocated by it if it returns\nan error after allocating that object successfully.\n\ntoshiba_haps_remove() does not free the object pointed to by\ntoshiba_haps before clearing that pointer, so it becomes unreachable\nallocated memory.\n\nAddress these memory leaks by using devm_kzalloc() for allocating\nthe memory in question.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23176",
"url": "https://www.suse.com/security/cve/CVE-2026-23176"
},
{
"category": "external",
"summary": "SUSE Bug 1258256 for CVE-2026-23176",
"url": "https://bugzilla.suse.com/1258256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23176"
},
{
"cve": "CVE-2026-23178",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23178"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report()\n\n`i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` bytes of data\ninto `ihid-\u003erawbuf`.\n\nThe former can come from the userspace in the hidraw driver and is only\nbounded by HID_MAX_BUFFER_SIZE(16384) by default (unless we also set\n`max_buffer_size` field of `struct hid_ll_driver` which we do not).\n\nThe latter has size determined at runtime by the maximum size of\ndifferent report types you could receive on any particular device and\ncan be a much smaller value.\n\nFix this by truncating `recv_len` to `ihid-\u003ebufsize - sizeof(__le16)`.\n\nThe impact is low since access to hidraw devices requires root.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23178",
"url": "https://www.suse.com/security/cve/CVE-2026-23178"
},
{
"category": "external",
"summary": "SUSE Bug 1258358 for CVE-2026-23178",
"url": "https://bugzilla.suse.com/1258358"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23178"
},
{
"cve": "CVE-2026-23179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23179"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()\n\nWhen the socket is closed while in TCP_LISTEN a callback is run to\nflush all outstanding packets, which in turns calls\nnvmet_tcp_listen_data_ready() with the sk_callback_lock held.\nSo we need to check if we are in TCP_LISTEN before attempting\nto get the sk_callback_lock() to avoid a deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23179",
"url": "https://www.suse.com/security/cve/CVE-2026-23179"
},
{
"category": "external",
"summary": "SUSE Bug 1258394 for CVE-2026-23179",
"url": "https://bugzilla.suse.com/1258394"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23179"
},
{
"cve": "CVE-2026-23182",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23182"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra: Fix a memory leak in tegra_slink_probe()\n\nIn tegra_slink_probe(), when platform_get_irq() fails, it directly\nreturns from the function with an error code, which causes a memory leak.\n\nReplace it with a goto label to ensure proper cleanup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23182",
"url": "https://www.suse.com/security/cve/CVE-2026-23182"
},
{
"category": "external",
"summary": "SUSE Bug 1258259 for CVE-2026-23182",
"url": "https://bugzilla.suse.com/1258259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23182"
},
{
"cve": "CVE-2026-23190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: amd: fix memory leak in acp3x pdm dma ops",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23190",
"url": "https://www.suse.com/security/cve/CVE-2026-23190"
},
{
"category": "external",
"summary": "SUSE Bug 1258397 for CVE-2026-23190",
"url": "https://bugzilla.suse.com/1258397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23190"
},
{
"cve": "CVE-2026-23191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23191"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: aloop: Fix racy access at PCM trigger\n\nThe PCM trigger callback of aloop driver tries to check the PCM state\nand stop the stream of the tied substream in the corresponding cable.\nSince both check and stop operations are performed outside the cable\nlock, this may result in UAF when a program attempts to trigger\nfrequently while opening/closing the tied stream, as spotted by\nfuzzers.\n\nFor addressing the UAF, this patch changes two things:\n- It covers the most of code in loopback_check_format() with\n cable-\u003elock spinlock, and add the proper NULL checks. This avoids\n already some racy accesses.\n- In addition, now we try to check the state of the capture PCM stream\n that may be stopped in this function, which was the major pain point\n leading to UAF.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23191",
"url": "https://www.suse.com/security/cve/CVE-2026-23191"
},
{
"category": "external",
"summary": "SUSE Bug 1258395 for CVE-2026-23191",
"url": "https://bugzilla.suse.com/1258395"
},
{
"category": "external",
"summary": "SUSE Bug 1258396 for CVE-2026-23191",
"url": "https://bugzilla.suse.com/1258396"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2026-23191"
},
{
"cve": "CVE-2026-23198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Don\u0027t clobber irqfd routing type when deassigning irqfd\n\nWhen deassigning a KVM_IRQFD, don\u0027t clobber the irqfd\u0027s copy of the IRQ\u0027s\nrouting entry as doing so breaks kvm_arch_irq_bypass_del_producer() on x86\nand arm64, which explicitly look for KVM_IRQ_ROUTING_MSI. Instead, to\nhandle a concurrent routing update, verify that the irqfd is still active\nbefore consuming the routing information. As evidenced by the x86 and\narm64 bugs, and another bug in kvm_arch_update_irqfd_routing() (see below),\nclobbering the entry type without notifying arch code is surprising and\nerror prone.\n\nAs a bonus, checking that the irqfd is active provides a convenient\nlocation for documenting _why_ KVM must not consume the routing entry for\nan irqfd that is in the process of being deassigned: once the irqfd is\ndeleted from the list (which happens *before* the eventfd is detached), it\nwill no longer receive updates via kvm_irq_routing_update(), and so KVM\ncould deliver an event using stale routing information (relative to\nKVM_SET_GSI_ROUTING returning to userspace).\n\nAs an even better bonus, explicitly checking for the irqfd being active\nfixes a similar bug to the one the clobbering is trying to prevent: if an\nirqfd is deactivated, and then its routing is changed,\nkvm_irq_routing_update() won\u0027t invoke kvm_arch_update_irqfd_routing()\n(because the irqfd isn\u0027t in the list). And so if the irqfd is in bypass\nmode, IRQs will continue to be posted using the old routing information.\n\nAs for kvm_arch_irq_bypass_del_producer(), clobbering the routing type\nresults in KVM incorrectly keeping the IRQ in bypass mode, which is\nespecially problematic on AMD as KVM tracks IRQs that are being posted to\na vCPU in a list whose lifetime is tied to the irqfd.\n\nWithout the help of KASAN to detect use-after-free, the most common\nsympton on AMD is a NULL pointer deref in amd_iommu_update_ga() due to\nthe memory for irqfd structure being re-allocated and zeroed, resulting\nin irqfd-\u003eirq_bypass_data being NULL when read by\navic_update_iommu_vcpu_affinity():\n\n BUG: kernel NULL pointer dereference, address: 0000000000000018\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 40cf2b9067 P4D 40cf2b9067 PUD 408362a067 PMD 0\n Oops: Oops: 0000 [#1] SMP\n CPU: 6 UID: 0 PID: 40383 Comm: vfio_irq_test\n Tainted: G U W O 6.19.0-smp--5dddc257e6b2-irqfd #31 NONE\n Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.78.2-0 09/05/2025\n RIP: 0010:amd_iommu_update_ga+0x19/0xe0\n Call Trace:\n \u003cTASK\u003e\n avic_update_iommu_vcpu_affinity+0x3d/0x90 [kvm_amd]\n __avic_vcpu_load+0xf4/0x130 [kvm_amd]\n kvm_arch_vcpu_load+0x89/0x210 [kvm]\n vcpu_load+0x30/0x40 [kvm]\n kvm_arch_vcpu_ioctl_run+0x45/0x620 [kvm]\n kvm_vcpu_ioctl+0x571/0x6a0 [kvm]\n __se_sys_ioctl+0x6d/0xb0\n do_syscall_64+0x6f/0x9d0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x46893b\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n\nIf AVIC is inhibited when the irfd is deassigned, the bug will manifest as\nlist corruption, e.g. on the next irqfd assignment.\n\n list_add corruption. next-\u003eprev should be prev (ffff8d474d5cd588),\n but was 0000000000000000. (next=ffff8d8658f86530).\n ------------[ cut here ]------------\n kernel BUG at lib/list_debug.c:31!\n Oops: invalid opcode: 0000 [#1] SMP\n CPU: 128 UID: 0 PID: 80818 Comm: vfio_irq_test\n Tainted: G U W O 6.19.0-smp--f19dc4d680ba-irqfd #28 NONE\n Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.78.2-0 09/05/2025\n RIP: 0010:__list_add_valid_or_report+0x97/0xc0\n Call Trace:\n \u003cTASK\u003e\n avic_pi_update_irte+0x28e/0x2b0 [kvm_amd]\n kvm_pi_update_irte+0xbf/0x190 [kvm]\n kvm_arch_irq_bypass_add_producer+0x72/0x90 [kvm]\n irq_bypass_register_consumer+0xcd/0x170 [irqbypa\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23198",
"url": "https://www.suse.com/security/cve/CVE-2026-23198"
},
{
"category": "external",
"summary": "SUSE Bug 1258321 for CVE-2026-23198",
"url": "https://bugzilla.suse.com/1258321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23198"
},
{
"cve": "CVE-2026-23202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer\n\nThe curr_xfer field is read by the IRQ handler without holding the lock\nto check if a transfer is in progress. When clearing curr_xfer in the\ncombined sequence transfer loop, protect it with the spinlock to prevent\na race with the interrupt handler.\n\nProtect the curr_xfer clearing at the exit path of\ntegra_qspi_combined_seq_xfer() with the spinlock to prevent a race\nwith the interrupt handler that reads this field.\n\nWithout this protection, the IRQ handler could read a partially updated\ncurr_xfer value, leading to NULL pointer dereference or use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23202",
"url": "https://www.suse.com/security/cve/CVE-2026-23202"
},
{
"category": "external",
"summary": "SUSE Bug 1258338 for CVE-2026-23202",
"url": "https://bugzilla.suse.com/1258338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2026-23202"
},
{
"cve": "CVE-2026-23207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer check in IRQ handler\n\nNow that all other accesses to curr_xfer are done under the lock,\nprotect the curr_xfer NULL check in tegra_qspi_isr_thread() with the\nspinlock. Without this protection, the following race can occur:\n\n CPU0 (ISR thread) CPU1 (timeout path)\n ---------------- -------------------\n if (!tqspi-\u003ecurr_xfer)\n // sees non-NULL\n spin_lock()\n tqspi-\u003ecurr_xfer = NULL\n spin_unlock()\n handle_*_xfer()\n spin_lock()\n t = tqspi-\u003ecurr_xfer // NULL!\n ... t-\u003elen ... // NULL dereference!\n\nWith this patch, all curr_xfer accesses are now properly synchronized.\n\nAlthough all accesses to curr_xfer are done under the lock, in\ntegra_qspi_isr_thread() it checks for NULL, releases the lock and\nreacquires it later in handle_cpu_based_xfer()/handle_dma_based_xfer().\nThere is a potential for an update in between, which could cause a NULL\npointer dereference.\n\nTo handle this, add a NULL check inside the handlers after acquiring\nthe lock. This ensures that if the timeout path has already cleared\ncurr_xfer, the handler will safely return without dereferencing the\nNULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23207",
"url": "https://www.suse.com/security/cve/CVE-2026-23207"
},
{
"category": "external",
"summary": "SUSE Bug 1258524 for CVE-2026-23207",
"url": "https://bugzilla.suse.com/1258524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23207"
},
{
"cve": "CVE-2026-23208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23208"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Prevent excessive number of frames\n\nIn this case, the user constructed the parameters with maxpacksize 40\nfor rate 22050 / pps 1000, and packsize[0] 22 packsize[1] 23. The buffer\nsize for each data URB is maxpacksize * packets, which in this example\nis 40 * 6 = 240; When the user performs a write operation to send audio\ndata into the ALSA PCM playback stream, the calculated number of frames\nis packsize[0] * packets = 264, which exceeds the allocated URB buffer\nsize, triggering the out-of-bounds (OOB) issue reported by syzbot [1].\n\nAdded a check for the number of single data URB frames when calculating\nthe number of frames to prevent [1].\n\n[1]\nBUG: KASAN: slab-out-of-bounds in copy_to_urb+0x261/0x460 sound/usb/pcm.c:1487\nWrite of size 264 at addr ffff88804337e800 by task syz.0.17/5506\nCall Trace:\n copy_to_urb+0x261/0x460 sound/usb/pcm.c:1487\n prepare_playback_urb+0x953/0x13d0 sound/usb/pcm.c:1611\n prepare_outbound_urb+0x377/0xc50 sound/usb/endpoint.c:333",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23208",
"url": "https://www.suse.com/security/cve/CVE-2026-23208"
},
{
"category": "external",
"summary": "SUSE Bug 1258468 for CVE-2026-23208",
"url": "https://bugzilla.suse.com/1258468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23208"
},
{
"cve": "CVE-2026-23209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23209"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacvlan: fix error recovery in macvlan_common_newlink()\n\nvalis provided a nice repro to crash the kernel:\n\nip link add p1 type veth peer p2\nip link set address 00:00:00:00:00:20 dev p1\nip link set up dev p1\nip link set up dev p2\n\nip link add mv0 link p2 type macvlan mode source\nip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20\n\nping -c1 -I p1 1.2.3.4\n\nHe also gave a very detailed analysis:\n\n\u003cquote valis\u003e\n\nThe issue is triggered when a new macvlan link is created with\nMACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or\nMACVLAN_MACADDR_SET) parameter, lower device already has a macvlan\nport and register_netdevice() called from macvlan_common_newlink()\nfails (e.g. because of the invalid link name).\n\nIn this case macvlan_hash_add_source is called from\nmacvlan_change_sources() / macvlan_common_newlink():\n\nThis adds a reference to vlan to the port\u0027s vlan_source_hash using\nmacvlan_source_entry.\n\nvlan is a pointer to the priv data of the link that is being created.\n\nWhen register_netdevice() fails, the error is returned from\nmacvlan_newlink() to rtnl_newlink_create():\n\n if (ops-\u003enewlink)\n err = ops-\u003enewlink(dev, \u0026params, extack);\n else\n err = register_netdevice(dev);\n if (err \u003c 0) {\n free_netdev(dev);\n goto out;\n }\n\nand free_netdev() is called, causing a kvfree() on the struct\nnet_device that is still referenced in the source entry attached to\nthe lower device\u0027s macvlan port.\n\nNow all packets sent on the macvlan port with a matching source mac\naddress will trigger a use-after-free in macvlan_forward_source().\n\n\u003c/quote valis\u003e\n\nWith all that, my fix is to make sure we call macvlan_flush_sources()\nregardless of @create value whenever \"goto destroy_macvlan_port;\"\npath is taken.\n\nMany thanks to valis for following up on this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23209",
"url": "https://www.suse.com/security/cve/CVE-2026-23209"
},
{
"category": "external",
"summary": "SUSE Bug 1258518 for CVE-2026-23209",
"url": "https://bugzilla.suse.com/1258518"
},
{
"category": "external",
"summary": "SUSE Bug 1258784 for CVE-2026-23209",
"url": "https://bugzilla.suse.com/1258784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "important"
}
],
"title": "CVE-2026-23209"
},
{
"cve": "CVE-2026-23213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23213"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Disable MMIO access during SMU Mode 1 reset\n\nDuring Mode 1 reset, the ASIC undergoes a reset cycle and becomes\ntemporarily inaccessible via PCIe. Any attempt to access MMIO registers\nduring this window (e.g., from interrupt handlers or other driver threads)\ncan result in uncompleted PCIe transactions, leading to NMI panics or\nsystem hangs.\n\nTo prevent this, set the `no_hw_access` flag to true immediately after\ntriggering the reset. This signals other driver components to skip\nregister accesses while the device is offline.\n\nA memory barrier `smp_mb()` is added to ensure the flag update is\nglobally visible to all cores before the driver enters the sleep/wait\nstate.\n\n(cherry picked from commit 7edb503fe4b6d67f47d8bb0dfafb8e699bb0f8a4)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23213",
"url": "https://www.suse.com/security/cve/CVE-2026-23213"
},
{
"category": "external",
"summary": "SUSE Bug 1258465 for CVE-2026-23213",
"url": "https://bugzilla.suse.com/1258465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23213"
},
{
"cve": "CVE-2026-23214",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23214"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject new transactions if the fs is fully read-only\n\n[BUG]\nThere is a bug report where a heavily fuzzed fs is mounted with all\nrescue mount options, which leads to the following warnings during\nunmount:\n\n BTRFS: Transaction aborted (error -22)\n Modules linked in:\n CPU: 0 UID: 0 PID: 9758 Comm: repro.out Not tainted\n 6.19.0-rc5-00002-gb71e635feefc #7 PREEMPT(full)\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:find_free_extent_update_loop fs/btrfs/extent-tree.c:4208 [inline]\n RIP: 0010:find_free_extent+0x52f0/0x5d20 fs/btrfs/extent-tree.c:4611\n Call Trace:\n \u003cTASK\u003e\n btrfs_reserve_extent+0x2cd/0x790 fs/btrfs/extent-tree.c:4705\n btrfs_alloc_tree_block+0x1e1/0x10e0 fs/btrfs/extent-tree.c:5157\n btrfs_force_cow_block+0x578/0x2410 fs/btrfs/ctree.c:517\n btrfs_cow_block+0x3c4/0xa80 fs/btrfs/ctree.c:708\n btrfs_search_slot+0xcad/0x2b50 fs/btrfs/ctree.c:2130\n btrfs_truncate_inode_items+0x45d/0x2350 fs/btrfs/inode-item.c:499\n btrfs_evict_inode+0x923/0xe70 fs/btrfs/inode.c:5628\n evict+0x5f4/0xae0 fs/inode.c:837\n __dentry_kill+0x209/0x660 fs/dcache.c:670\n finish_dput+0xc9/0x480 fs/dcache.c:879\n shrink_dcache_for_umount+0xa0/0x170 fs/dcache.c:1661\n generic_shutdown_super+0x67/0x2c0 fs/super.c:621\n kill_anon_super+0x3b/0x70 fs/super.c:1289\n btrfs_kill_super+0x41/0x50 fs/btrfs/super.c:2127\n deactivate_locked_super+0xbc/0x130 fs/super.c:474\n cleanup_mnt+0x425/0x4c0 fs/namespace.c:1318\n task_work_run+0x1d4/0x260 kernel/task_work.c:233\n exit_task_work include/linux/task_work.h:40 [inline]\n do_exit+0x694/0x22f0 kernel/exit.c:971\n do_group_exit+0x21c/0x2d0 kernel/exit.c:1112\n __do_sys_exit_group kernel/exit.c:1123 [inline]\n __se_sys_exit_group kernel/exit.c:1121 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1121\n x64_sys_call+0x2210/0x2210 arch/x86/include/generated/asm/syscalls_64.h:232\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe8/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x44f639\n Code: Unable to access opcode bytes at 0x44f60f.\n RSP: 002b:00007ffc15c4e088 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\n RAX: ffffffffffffffda RBX: 00000000004c32f0 RCX: 000000000044f639\n RDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000001\n RBP: 0000000000000001 R08: ffffffffffffffc0 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004c32f0\n R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \u003c/TASK\u003e\n\nSince rescue mount options will mark the full fs read-only, there should\nbe no new transaction triggered.\n\nBut during unmount we will evict all inodes, which can trigger a new\ntransaction, and triggers warnings on a heavily corrupted fs.\n\n[CAUSE]\nBtrfs allows new transaction even on a read-only fs, this is to allow\nlog replay happen even on read-only mounts, just like what ext4/xfs do.\n\nHowever with rescue mount options, the fs is fully read-only and cannot\nbe remounted read-write, thus in that case we should also reject any new\ntransactions.\n\n[FIX]\nIf we find the fs has rescue mount options, we should treat the fs as\nerror, so that no new transaction can be started.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23214",
"url": "https://www.suse.com/security/cve/CVE-2026-23214"
},
{
"category": "external",
"summary": "SUSE Bug 1258464 for CVE-2026-23214",
"url": "https://bugzilla.suse.com/1258464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23214"
},
{
"cve": "CVE-2026-23221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23221"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix use-after-free in driver_override_show()\n\nThe driver_override_show() function reads the driver_override string\nwithout holding the device_lock. However, driver_override_store() uses\ndriver_set_override(), which modifies and frees the string while holding\nthe device_lock.\n\nThis can result in a concurrent use-after-free if the string is freed\nby the store function while being read by the show function.\n\nFix this by holding the device_lock around the read operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23221",
"url": "https://www.suse.com/security/cve/CVE-2026-23221"
},
{
"category": "external",
"summary": "SUSE Bug 1258660 for CVE-2026-23221",
"url": "https://bugzilla.suse.com/1258660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23221"
},
{
"cve": "CVE-2026-23222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly\n\nThe existing allocation of scatterlists in omap_crypto_copy_sg_lists()\nwas allocating an array of scatterlist pointers, not scatterlist objects,\nresulting in a 4x too small allocation.\n\nUse sizeof(*new_sg) to get the correct object size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23222",
"url": "https://www.suse.com/security/cve/CVE-2026-23222"
},
{
"category": "external",
"summary": "SUSE Bug 1258484 for CVE-2026-23222",
"url": "https://bugzilla.suse.com/1258484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23222"
},
{
"cve": "CVE-2026-23229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio - Add spinlock protection with virtqueue notification\n\nWhen VM boots with one virtio-crypto PCI device and builtin backend,\nrun openssl benchmark command with multiple processes, such as\n openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32\n\nopenssl processes will hangup and there is error reported like this:\n virtio_crypto virtio0: dataq.0:id 3 is not a head!\n\nIt seems that the data virtqueue need protection when it is handled\nfor virtio done notification. If the spinlock protection is added\nin virtcrypto_done_task(), openssl benchmark with multiple processes\nworks well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23229",
"url": "https://www.suse.com/security/cve/CVE-2026-23229"
},
{
"category": "external",
"summary": "SUSE Bug 1258429 for CVE-2026-23229",
"url": "https://bugzilla.suse.com/1258429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-40.1.21.17.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-40.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-40.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-40.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-11T15:14:55Z",
"details": "moderate"
}
],
"title": "CVE-2026-23229"
}
]
}
WID-SEC-W-2026-0324
Vulnerability from csaf_certbund - Published: 2026-02-04 23:00 - Updated: 2026-03-08 23:00Summary
Linux Kernel: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service- Bedingung führen oder eine Speicherbeschädigung verursachen können.
Betroffene Betriebssysteme: - Linux
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einer Denial-of-Service- Bedingung f\u00fchren oder eine Speicherbesch\u00e4digung verursachen k\u00f6nnen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0324 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0324.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0324 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0324"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71192",
"url": "https://lore.kernel.org/linux-cve-announce/2026020438-CVE-2025-71192-3370@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71193",
"url": "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2025-71193-288d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71194",
"url": "https://lore.kernel.org/linux-cve-announce/2026020448-CVE-2025-71194-1108@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71195",
"url": "https://lore.kernel.org/linux-cve-announce/2026020449-CVE-2025-71195-8c0c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71196",
"url": "https://lore.kernel.org/linux-cve-announce/2026020449-CVE-2025-71196-cf4b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71197",
"url": "https://lore.kernel.org/linux-cve-announce/2026020412-CVE-2025-71197-cfe2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71198",
"url": "https://lore.kernel.org/linux-cve-announce/2026020412-CVE-2025-71198-3572@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71199",
"url": "https://lore.kernel.org/linux-cve-announce/2026020412-CVE-2025-71199-9a60@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23040",
"url": "https://lore.kernel.org/linux-cve-announce/2026020438-CVE-2026-23040-1980@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23041",
"url": "https://lore.kernel.org/linux-cve-announce/2026020438-CVE-2026-23041-a426@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23042",
"url": "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2026-23042-ce47@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23043",
"url": "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2026-23043-4975@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23044",
"url": "https://lore.kernel.org/linux-cve-announce/2026020439-CVE-2026-23044-3312@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23045",
"url": "https://lore.kernel.org/linux-cve-announce/2026020440-CVE-2026-23045-103a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23046",
"url": "https://lore.kernel.org/linux-cve-announce/2026020440-CVE-2026-23046-8bdb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23047",
"url": "https://lore.kernel.org/linux-cve-announce/2026020440-CVE-2026-23047-38d4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23048",
"url": "https://lore.kernel.org/linux-cve-announce/2026020441-CVE-2026-23048-f1cc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23049",
"url": "https://lore.kernel.org/linux-cve-announce/2026020449-CVE-2026-23049-9298@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23050",
"url": "https://lore.kernel.org/linux-cve-announce/2026020450-CVE-2026-23050-378c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23051",
"url": "https://lore.kernel.org/linux-cve-announce/2026020450-CVE-2026-23051-7ad8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23052",
"url": "https://lore.kernel.org/linux-cve-announce/2026020450-CVE-2026-23052-340f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23053",
"url": "https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23053-f630@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23054",
"url": "https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23054-3712@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23055",
"url": "https://lore.kernel.org/linux-cve-announce/2026020451-CVE-2026-23055-3f25@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23056",
"url": "https://lore.kernel.org/linux-cve-announce/2026020413-CVE-2026-23056-ddc8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23057",
"url": "https://lore.kernel.org/linux-cve-announce/2026020413-CVE-2026-23057-03eb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23058",
"url": "https://lore.kernel.org/linux-cve-announce/2026020414-CVE-2026-23058-802c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23059",
"url": "https://lore.kernel.org/linux-cve-announce/2026020414-CVE-2026-23059-152f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23060",
"url": "https://lore.kernel.org/linux-cve-announce/2026020414-CVE-2026-23060-6a41@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23061",
"url": "https://lore.kernel.org/linux-cve-announce/2026020415-CVE-2026-23061-31be@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23062",
"url": "https://lore.kernel.org/linux-cve-announce/2026020415-CVE-2026-23062-991d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23063",
"url": "https://lore.kernel.org/linux-cve-announce/2026020415-CVE-2026-23063-d727@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23064",
"url": "https://lore.kernel.org/linux-cve-announce/2026020416-CVE-2026-23064-8eec@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23065",
"url": "https://lore.kernel.org/linux-cve-announce/2026020416-CVE-2026-23065-f6ae@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23066",
"url": "https://lore.kernel.org/linux-cve-announce/2026020416-CVE-2026-23066-8e44@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23067",
"url": "https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23067-b41f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23068",
"url": "https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23068-0852@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23069",
"url": "https://lore.kernel.org/linux-cve-announce/2026020417-CVE-2026-23069-d026@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23070",
"url": "https://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23070-2fcd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23071",
"url": "https://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23071-675b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23072",
"url": "https://lore.kernel.org/linux-cve-announce/2026020418-CVE-2026-23072-916e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23073",
"url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23073-9fce@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23074",
"url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23074-6bb8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23075",
"url": "https://lore.kernel.org/linux-cve-announce/2026020419-CVE-2026-23075-0aef@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23076",
"url": "https://lore.kernel.org/linux-cve-announce/2026020420-CVE-2026-23076-b054@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23077",
"url": "https://lore.kernel.org/linux-cve-announce/2026020420-CVE-2026-23077-6880@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23078",
"url": "https://lore.kernel.org/linux-cve-announce/2026020420-CVE-2026-23078-61cc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23079",
"url": "https://lore.kernel.org/linux-cve-announce/2026020421-CVE-2026-23079-bb7e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23080",
"url": "https://lore.kernel.org/linux-cve-announce/2026020421-CVE-2026-23080-74d1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23081",
"url": "https://lore.kernel.org/linux-cve-announce/2026020421-CVE-2026-23081-5494@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23082",
"url": "https://lore.kernel.org/linux-cve-announce/2026020422-CVE-2026-23082-7bc8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23083",
"url": "https://lore.kernel.org/linux-cve-announce/2026020422-CVE-2026-23083-8968@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23084",
"url": "https://lore.kernel.org/linux-cve-announce/2026020422-CVE-2026-23084-8073@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23085",
"url": "https://lore.kernel.org/linux-cve-announce/2026020423-CVE-2026-23085-14e2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23086",
"url": "https://lore.kernel.org/linux-cve-announce/2026020423-CVE-2026-23086-9ad9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23087",
"url": "https://lore.kernel.org/linux-cve-announce/2026020423-CVE-2026-23087-f17e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23088",
"url": "https://lore.kernel.org/linux-cve-announce/2026020424-CVE-2026-23088-e0da@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23089",
"url": "https://lore.kernel.org/linux-cve-announce/2026020424-CVE-2026-23089-760f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23090",
"url": "https://lore.kernel.org/linux-cve-announce/2026020425-CVE-2026-23090-2971@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23091",
"url": "https://lore.kernel.org/linux-cve-announce/2026020425-CVE-2026-23091-4580@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23092",
"url": "https://lore.kernel.org/linux-cve-announce/2026020425-CVE-2026-23092-fc15@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23093",
"url": "https://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23093-db0d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23094",
"url": "https://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23094-9cb7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23095",
"url": "https://lore.kernel.org/linux-cve-announce/2026020426-CVE-2026-23095-66e8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23096",
"url": "https://lore.kernel.org/linux-cve-announce/2026020427-CVE-2026-23096-e5af@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23097",
"url": "https://lore.kernel.org/linux-cve-announce/2026020427-CVE-2026-23097-a591@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23098",
"url": "https://lore.kernel.org/linux-cve-announce/2026020427-CVE-2026-23098-1fd2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23099",
"url": "https://lore.kernel.org/linux-cve-announce/2026020428-CVE-2026-23099-a393@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23100",
"url": "https://lore.kernel.org/linux-cve-announce/2026020428-CVE-2026-23100-b482@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23101",
"url": "https://lore.kernel.org/linux-cve-announce/2026020428-CVE-2026-23101-47e0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23102",
"url": "https://lore.kernel.org/linux-cve-announce/2026020429-CVE-2026-23102-bafe@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23103",
"url": "https://lore.kernel.org/linux-cve-announce/2026020429-CVE-2026-23103-63b3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23104",
"url": "https://lore.kernel.org/linux-cve-announce/2026020429-CVE-2026-23104-3802@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23105",
"url": "https://lore.kernel.org/linux-cve-announce/2026020430-CVE-2026-23105-1d6d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23106",
"url": "https://lore.kernel.org/linux-cve-announce/2026020430-CVE-2026-23106-3edb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23107",
"url": "https://lore.kernel.org/linux-cve-announce/2026020430-CVE-2026-23107-50d8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23108",
"url": "https://lore.kernel.org/linux-cve-announce/2026020431-CVE-2026-23108-0550@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23109",
"url": "https://lore.kernel.org/linux-cve-announce/2026020431-CVE-2026-23109-3e57@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23110",
"url": "https://lore.kernel.org/linux-cve-announce/2026020431-CVE-2026-23110-56b1@gregkh/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6126 vom 2026-02-09",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00035.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6127 vom 2026-02-10",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00036.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4476 vom 2026-02-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00017.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4475 vom 2026-02-11",
"url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00016.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2026-113 vom 2026-02-19",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-113.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3083 vom 2026-02-23",
"url": "https://access.redhat.com/errata/RHSA-2026:3083"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3110 vom 2026-02-23",
"url": "https://access.redhat.com/errata/RHSA-2026:3110"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3277 vom 2026-02-25",
"url": "https://access.redhat.com/errata/RHSA-2026:3277"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0617-1 vom 2026-02-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024378.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3268 vom 2026-02-25",
"url": "https://access.redhat.com/errata/RHSA-2026:3268"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-3083 vom 2026-02-25",
"url": "https://linux.oracle.com/errata/ELSA-2026-3083.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3360 vom 2026-02-25",
"url": "https://access.redhat.com/errata/RHSA-2026:3360"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3388 vom 2026-02-26",
"url": "https://access.redhat.com/errata/RHSA-2026:3388"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3463 vom 2026-03-02",
"url": "https://access.redhat.com/errata/RHSA-2026:3463"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3488 vom 2026-03-02",
"url": "https://access.redhat.com/errata/RHSA-2026:3488"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3464 vom 2026-03-02",
"url": "https://access.redhat.com/errata/RHSA-2026:3464"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-3488 vom 2026-03-02",
"url": "https://linux.oracle.com/errata/ELSA-2026-3488.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-3464 vom 2026-03-03",
"url": "https://linux.oracle.com/errata/ELSA-2026-3464.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3634 vom 2026-03-03",
"url": "https://access.redhat.com/errata/RHSA-2026:3634"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:3464 vom 2026-03-04",
"url": "https://errata.build.resf.org/RLSA-2026:3464"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:3463 vom 2026-03-04",
"url": "https://errata.build.resf.org/RLSA-2026:3463"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3810 vom 2026-03-05",
"url": "https://access.redhat.com/errata/RHSA-2026:3810"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:3488 vom 2026-03-05",
"url": "https://errata.build.resf.org/RLSA-2026:3488"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2026-098 vom 2026-03-06",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2026-098.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:4012 vom 2026-03-09",
"url": "https://access.redhat.com/errata/RHSA-2026:4012"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-08T23:00:00.000+00:00",
"generator": {
"date": "2026-03-09T10:37:00.414+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0324",
"initial_release_date": "2026-02-04T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-02-11T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-02-23T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-24T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-01T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-02T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-03-03T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2026-03-08T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "13"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T050562",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-71192",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2025-71192"
},
{
"cve": "CVE-2025-71193",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2025-71193"
},
{
"cve": "CVE-2025-71194",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2025-71194"
},
{
"cve": "CVE-2025-71195",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2025-71195"
},
{
"cve": "CVE-2025-71196",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2025-71196"
},
{
"cve": "CVE-2025-71197",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2025-71197"
},
{
"cve": "CVE-2025-71198",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2025-71198"
},
{
"cve": "CVE-2025-71199",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2025-71199"
},
{
"cve": "CVE-2026-23040",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23040"
},
{
"cve": "CVE-2026-23041",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23041"
},
{
"cve": "CVE-2026-23042",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23042"
},
{
"cve": "CVE-2026-23043",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23043"
},
{
"cve": "CVE-2026-23044",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23044"
},
{
"cve": "CVE-2026-23045",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23045"
},
{
"cve": "CVE-2026-23046",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23046"
},
{
"cve": "CVE-2026-23047",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23047"
},
{
"cve": "CVE-2026-23048",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23048"
},
{
"cve": "CVE-2026-23049",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23049"
},
{
"cve": "CVE-2026-23050",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23050"
},
{
"cve": "CVE-2026-23051",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23051"
},
{
"cve": "CVE-2026-23052",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23052"
},
{
"cve": "CVE-2026-23053",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23053"
},
{
"cve": "CVE-2026-23054",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23054"
},
{
"cve": "CVE-2026-23055",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23055"
},
{
"cve": "CVE-2026-23056",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23056"
},
{
"cve": "CVE-2026-23057",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23057"
},
{
"cve": "CVE-2026-23058",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23058"
},
{
"cve": "CVE-2026-23059",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23059"
},
{
"cve": "CVE-2026-23060",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23060"
},
{
"cve": "CVE-2026-23061",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23061"
},
{
"cve": "CVE-2026-23062",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23062"
},
{
"cve": "CVE-2026-23063",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23063"
},
{
"cve": "CVE-2026-23064",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23064"
},
{
"cve": "CVE-2026-23065",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23065"
},
{
"cve": "CVE-2026-23066",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23066"
},
{
"cve": "CVE-2026-23067",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23067"
},
{
"cve": "CVE-2026-23068",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23068"
},
{
"cve": "CVE-2026-23069",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23069"
},
{
"cve": "CVE-2026-23070",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23070"
},
{
"cve": "CVE-2026-23071",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23071"
},
{
"cve": "CVE-2026-23072",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23072"
},
{
"cve": "CVE-2026-23073",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23073"
},
{
"cve": "CVE-2026-23074",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23074"
},
{
"cve": "CVE-2026-23075",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23075"
},
{
"cve": "CVE-2026-23076",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23076"
},
{
"cve": "CVE-2026-23077",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23077"
},
{
"cve": "CVE-2026-23078",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23078"
},
{
"cve": "CVE-2026-23079",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23079"
},
{
"cve": "CVE-2026-23080",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23080"
},
{
"cve": "CVE-2026-23081",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23081"
},
{
"cve": "CVE-2026-23082",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23082"
},
{
"cve": "CVE-2026-23083",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23083"
},
{
"cve": "CVE-2026-23084",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23084"
},
{
"cve": "CVE-2026-23085",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23085"
},
{
"cve": "CVE-2026-23086",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23086"
},
{
"cve": "CVE-2026-23087",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23087"
},
{
"cve": "CVE-2026-23088",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23088"
},
{
"cve": "CVE-2026-23089",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23089"
},
{
"cve": "CVE-2026-23090",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23090"
},
{
"cve": "CVE-2026-23091",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23091"
},
{
"cve": "CVE-2026-23092",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23092"
},
{
"cve": "CVE-2026-23093",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23093"
},
{
"cve": "CVE-2026-23094",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23094"
},
{
"cve": "CVE-2026-23095",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23095"
},
{
"cve": "CVE-2026-23096",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23096"
},
{
"cve": "CVE-2026-23097",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23097"
},
{
"cve": "CVE-2026-23098",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23098"
},
{
"cve": "CVE-2026-23099",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23099"
},
{
"cve": "CVE-2026-23100",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23100"
},
{
"cve": "CVE-2026-23101",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23101"
},
{
"cve": "CVE-2026-23102",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23102"
},
{
"cve": "CVE-2026-23103",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23103"
},
{
"cve": "CVE-2026-23104",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23104"
},
{
"cve": "CVE-2026-23105",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23105"
},
{
"cve": "CVE-2026-23106",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23106"
},
{
"cve": "CVE-2026-23107",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23107"
},
{
"cve": "CVE-2026-23108",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23108"
},
{
"cve": "CVE-2026-23109",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23109"
},
{
"cve": "CVE-2026-23110",
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"398363",
"T004914",
"T032255",
"T050562"
]
},
"release_date": "2026-02-04T23:00:00.000+00:00",
"title": "CVE-2026-23110"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…