Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-23232 (GCVE-0-2026-23232)
Vulnerability from cvelistv5 – Published: 2026-03-04 14:36 – Updated: 2026-03-04 14:36
VLAI?
EPSS
Title
Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()"
Summary
In the Linux kernel, the following vulnerability has been resolved:
Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()"
This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.
Original patch may cause below deadlock, revert it.
write remount
- write_begin
- lock_page --- lock A
- prepare_write_begin
- f2fs_map_lock
- f2fs_enable_checkpoint
- down_write(cp_enable_rwsem) --- lock B
- sync_inode_sb
- writepages
- lock_page --- lock A
- down_read(cp_enable_rwsem) --- lock A
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/f2fs/data.c",
"fs/f2fs/f2fs.h",
"fs/f2fs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b6382273801bc7c778545dd8004c9a9d750b4f62",
"status": "affected",
"version": "196c81fdd438f7ac429d5639090a9816abb9760a",
"versionType": "git"
},
{
"lessThan": "3996b70209f145bfcf2afc7d05dd92c27b233b48",
"status": "affected",
"version": "196c81fdd438f7ac429d5639090a9816abb9760a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/f2fs/data.c",
"fs/f2fs/f2fs.h",
"fs/f2fs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.19"
},
{
"lessThan": "6.19",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.3",
"versionStartIncluding": "6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0-rc1",
"versionStartIncluding": "6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"\n\nThis reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.\n\nOriginal patch may cause below deadlock, revert it.\n\nwrite\t\t\t\tremount\n- write_begin\n - lock_page --- lock A\n - prepare_write_begin\n - f2fs_map_lock\n\t\t\t\t- f2fs_enable_checkpoint\n\t\t\t\t - down_write(cp_enable_rwsem) --- lock B\n\t\t\t\t - sync_inode_sb\n\t\t\t\t - writepages\n\t\t\t\t - lock_page\t\t\t--- lock A\n - down_read(cp_enable_rwsem) --- lock A"
}
],
"providerMetadata": {
"dateUpdated": "2026-03-04T14:36:37.323Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b6382273801bc7c778545dd8004c9a9d750b4f62"
},
{
"url": "https://git.kernel.org/stable/c/3996b70209f145bfcf2afc7d05dd92c27b233b48"
}
],
"title": "Revert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23232",
"datePublished": "2026-03-04T14:36:37.323Z",
"dateReserved": "2026-01-13T15:37:45.988Z",
"dateUpdated": "2026-03-04T14:36:37.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23232\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-04T15:16:13.477\",\"lastModified\":\"2026-03-17T21:21:42.327\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRevert \\\"f2fs: block cache/dio write during f2fs_enable_checkpoint()\\\"\\n\\nThis reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.\\n\\nOriginal patch may cause below deadlock, revert it.\\n\\nwrite\\t\\t\\t\\tremount\\n- write_begin\\n - lock_page --- lock A\\n - prepare_write_begin\\n - f2fs_map_lock\\n\\t\\t\\t\\t- f2fs_enable_checkpoint\\n\\t\\t\\t\\t - down_write(cp_enable_rwsem) --- lock B\\n\\t\\t\\t\\t - sync_inode_sb\\n\\t\\t\\t\\t - writepages\\n\\t\\t\\t\\t - lock_page\\t\\t\\t--- lock A\\n - down_read(cp_enable_rwsem) --- lock A\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \u00abf2fs: bloqueo de cach\u00e9/escritura dio durante f2fs_enable_checkpoint()\u00bb. Esto revierte la confirmaci\u00f3n 196c81fdd438f7ac429d5639090a9816abb9760a. El parche original puede causar el siguiente bloqueo, reviertelo. write remount - write_begin - lock_page --- lock A - prepare_write_begin - f2fs_map_lock - f2fs_enable_checkpoint - down_write (cp_enable_rwsem) --- bloqueo B - sync_inode_sb - writepages - lock_page --- bloqueo A - down_read(cp_enable_rwsem) --- bloqueo A\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"6.19.3\",\"matchCriteriaId\":\"7853A337-FB2A-4E19-AB47-4E38343532AA\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/3996b70209f145bfcf2afc7d05dd92c27b233b48\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b6382273801bc7c778545dd8004c9a9d750b4f62\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
OPENSUSE-SU-2026:10387-1
Vulnerability from csaf_opensuse - Published: 2026-03-18 00:00 - Updated: 2026-03-18 00:00Summary
kernel-devel-6.19.8-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: kernel-devel-6.19.8-1.1 on GA media
Description of the patch: These are all security issues fixed in the kernel-devel-6.19.8-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10387
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kernel-devel-6.19.8-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kernel-devel-6.19.8-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10387",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10387-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71229 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71230 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71232 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71233 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71234 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71235 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71236 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71237 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71237/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71238 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71238/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23220 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23220/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23221 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23222 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23223 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23223/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23224 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23224/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23225 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23225/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23226 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23226/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23227 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23228 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23228/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23230 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23231 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23232 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23233 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23234 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23235 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23236 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23236/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23239 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23240 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23240/"
}
],
"title": "kernel-devel-6.19.8-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-18T00:00:00Z",
"generator": {
"date": "2026-03-18T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10387-1",
"initial_release_date": "2026-03-18T00:00:00Z",
"revision_history": [
{
"date": "2026-03-18T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.19.8-1.1.aarch64",
"product": {
"name": "kernel-devel-6.19.8-1.1.aarch64",
"product_id": "kernel-devel-6.19.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.19.8-1.1.aarch64",
"product": {
"name": "kernel-macros-6.19.8-1.1.aarch64",
"product_id": "kernel-macros-6.19.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.19.8-1.1.aarch64",
"product": {
"name": "kernel-source-6.19.8-1.1.aarch64",
"product_id": "kernel-source-6.19.8-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.19.8-1.1.aarch64",
"product": {
"name": "kernel-source-vanilla-6.19.8-1.1.aarch64",
"product_id": "kernel-source-vanilla-6.19.8-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.19.8-1.1.ppc64le",
"product": {
"name": "kernel-devel-6.19.8-1.1.ppc64le",
"product_id": "kernel-devel-6.19.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.19.8-1.1.ppc64le",
"product": {
"name": "kernel-macros-6.19.8-1.1.ppc64le",
"product_id": "kernel-macros-6.19.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-6.19.8-1.1.ppc64le",
"product": {
"name": "kernel-source-6.19.8-1.1.ppc64le",
"product_id": "kernel-source-6.19.8-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.19.8-1.1.ppc64le",
"product": {
"name": "kernel-source-vanilla-6.19.8-1.1.ppc64le",
"product_id": "kernel-source-vanilla-6.19.8-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.19.8-1.1.s390x",
"product": {
"name": "kernel-devel-6.19.8-1.1.s390x",
"product_id": "kernel-devel-6.19.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.19.8-1.1.s390x",
"product": {
"name": "kernel-macros-6.19.8-1.1.s390x",
"product_id": "kernel-macros-6.19.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-6.19.8-1.1.s390x",
"product": {
"name": "kernel-source-6.19.8-1.1.s390x",
"product_id": "kernel-source-6.19.8-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.19.8-1.1.s390x",
"product": {
"name": "kernel-source-vanilla-6.19.8-1.1.s390x",
"product_id": "kernel-source-vanilla-6.19.8-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.19.8-1.1.x86_64",
"product": {
"name": "kernel-devel-6.19.8-1.1.x86_64",
"product_id": "kernel-devel-6.19.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.19.8-1.1.x86_64",
"product": {
"name": "kernel-macros-6.19.8-1.1.x86_64",
"product_id": "kernel-macros-6.19.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.19.8-1.1.x86_64",
"product": {
"name": "kernel-source-6.19.8-1.1.x86_64",
"product_id": "kernel-source-6.19.8-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.19.8-1.1.x86_64",
"product": {
"name": "kernel-source-vanilla-6.19.8-1.1.x86_64",
"product_id": "kernel-source-vanilla-6.19.8-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.19.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64"
},
"product_reference": "kernel-devel-6.19.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.19.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le"
},
"product_reference": "kernel-devel-6.19.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.19.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x"
},
"product_reference": "kernel-devel-6.19.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.19.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64"
},
"product_reference": "kernel-devel-6.19.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.19.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64"
},
"product_reference": "kernel-macros-6.19.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.19.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le"
},
"product_reference": "kernel-macros-6.19.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.19.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x"
},
"product_reference": "kernel-macros-6.19.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.19.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64"
},
"product_reference": "kernel-macros-6.19.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.19.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64"
},
"product_reference": "kernel-source-6.19.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.19.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le"
},
"product_reference": "kernel-source-6.19.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.19.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x"
},
"product_reference": "kernel-source-6.19.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.19.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64"
},
"product_reference": "kernel-source-6.19.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.19.8-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64"
},
"product_reference": "kernel-source-vanilla-6.19.8-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.19.8-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le"
},
"product_reference": "kernel-source-vanilla-6.19.8-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.19.8-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x"
},
"product_reference": "kernel-source-vanilla-6.19.8-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.19.8-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
},
"product_reference": "kernel-source-vanilla-6.19.8-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-71229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()\n\nrtw_core_enable_beacon() reads 4 bytes from an address that is not a\nmultiple of 4. This results in a crash on some systems.\n\nDo 1 byte reads/writes instead.\n\nUnable to handle kernel paging request at virtual address ffff8000827e0522\nMem abort info:\n ESR = 0x0000000096000021\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x21: alignment fault\nData abort info:\n ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\nswapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000005492000\n[ffff8000827e0522] pgd=0000000000000000, p4d=10000001021d9403, pud=10000001021da403, pmd=100000011061c403, pte=00780000f3200f13\nInternal error: Oops: 0000000096000021 [#1] SMP\nModules linked in: [...] rtw88_8822ce rtw88_8822c rtw88_pci rtw88_core [...]\nCPU: 0 UID: 0 PID: 73 Comm: kworker/u32:2 Tainted: G W 6.17.9 #1-NixOS VOLUNTARY\nTainted: [W]=WARN\nHardware name: FriendlyElec NanoPC-T6 LTS (DT)\nWorkqueue: phy0 rtw_c2h_work [rtw88_core]\npstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : rtw_pci_read32+0x18/0x40 [rtw88_pci]\nlr : rtw_core_enable_beacon+0xe0/0x148 [rtw88_core]\nsp : ffff800080cc3ca0\nx29: ffff800080cc3ca0 x28: ffff0001031fc240 x27: ffff000102100828\nx26: ffffd2cb7c9b4088 x25: ffff0001031fc2c0 x24: ffff000112fdef00\nx23: ffff000112fdef18 x22: ffff000111c29970 x21: 0000000000000001\nx20: 0000000000000001 x19: ffff000111c22040 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\nx14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffd2cb6507c090\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000\nx2 : 0000000000007f10 x1 : 0000000000000522 x0 : ffff8000827e0522\nCall trace:\n rtw_pci_read32+0x18/0x40 [rtw88_pci] (P)\n rtw_hw_scan_chan_switch+0x124/0x1a8 [rtw88_core]\n rtw_fw_c2h_cmd_handle+0x254/0x290 [rtw88_core]\n rtw_c2h_work+0x50/0x98 [rtw88_core]\n process_one_work+0x178/0x3f8\n worker_thread+0x208/0x418\n kthread+0x120/0x220\n ret_from_fork+0x10/0x20\nCode: d28fe202 8b020000 f9524400 8b214000 (b9400000)\n---[ end trace 0000000000000000 ]---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71229",
"url": "https://www.suse.com/security/cve/CVE-2025-71229"
},
{
"category": "external",
"summary": "SUSE Bug 1258415 for CVE-2025-71229",
"url": "https://bugzilla.suse.com/1258415"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-71229"
},
{
"cve": "CVE-2025-71230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: ensure sb-\u003es_fs_info is always cleaned up\n\nWhen hfs was converted to the new mount api a bug was introduced by\nchanging the allocation pattern of sb-\u003es_fs_info. If setup_bdev_super()\nfails after a new superblock has been allocated by sget_fc(), but before\nhfs_fill_super() takes ownership of the filesystem-specific s_fs_info\ndata it was leaked.\n\nFix this by freeing sb-\u003es_fs_info in hfs_kill_super().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71230",
"url": "https://www.suse.com/security/cve/CVE-2025-71230"
},
{
"category": "external",
"summary": "SUSE Bug 1258413 for CVE-2025-71230",
"url": "https://bugzilla.suse.com/1258413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-71230"
},
{
"cve": "CVE-2025-71231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable \u0027i\u0027 is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71231",
"url": "https://www.suse.com/security/cve/CVE-2025-71231"
},
{
"category": "external",
"summary": "SUSE Bug 1258424 for CVE-2025-71231",
"url": "https://bugzilla.suse.com/1258424"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-71231"
},
{
"cve": "CVE-2025-71232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Free sp in error path to fix system crash\n\nSystem crash seen during load/unload test in a loop,\n\n[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.\n[61110.467494] =============================================================================\n[61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()\n[61110.467501] -----------------------------------------------------------------------------\n\n[61110.467502] Slab 0x000000000ffc8162 objects=51 used=1 fp=0x00000000e25d3d85 flags=0x57ffffc0010200(slab|head|node=1|zone=2|lastcpupid=0x1fffff)\n[61110.467509] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467513] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467515] Call Trace:\n[61110.467516] \u003cTASK\u003e\n[61110.467519] dump_stack_lvl+0x34/0x48\n[61110.467526] slab_err.cold+0x53/0x67\n[61110.467534] __kmem_cache_shutdown+0x16e/0x320\n[61110.467540] kmem_cache_destroy+0x51/0x160\n[61110.467544] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467607] ? __do_sys_delete_module.constprop.0+0x178/0x280\n[61110.467613] ? syscall_trace_enter.constprop.0+0x145/0x1d0\n[61110.467616] ? do_syscall_64+0x5c/0x90\n[61110.467619] ? exc_page_fault+0x62/0x150\n[61110.467622] ? entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[61110.467626] \u003c/TASK\u003e\n[61110.467627] Disabling lock debugging due to kernel taint\n[61110.467635] Object 0x0000000026f7e6e6 @offset=16000\n[61110.467639] ------------[ cut here ]------------\n[61110.467639] kmem_cache_destroy qla2xxx_srbs: Slab cache still has objects when called from qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467659] WARNING: CPU: 53 PID: 455206 at mm/slab_common.c:520 kmem_cache_destroy+0x14d/0x160\n[61110.467718] CPU: 53 PID: 455206 Comm: rmmod Kdump: loaded Tainted: G B OE -------- --- 5.14.0-284.11.1.el9_2.x86_64 #1\n[61110.467720] Hardware name: HPE ProLiant DL385 Gen10 Plus v2/ProLiant DL385 Gen10 Plus v2, BIOS A42 08/17/2023\n[61110.467721] RIP: 0010:kmem_cache_destroy+0x14d/0x160\n[61110.467724] Code: 99 7d 07 00 48 89 ef e8 e1 6a 07 00 eb b3 48 8b 55 60 48 8b 4c 24 20 48 c7 c6 70 fc 66 90 48 c7 c7 f8 ef a1 90 e8 e1 ed 7c 00 \u003c0f\u003e 0b eb 93 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 55 48 89\n[61110.467725] RSP: 0018:ffffa304e489fe80 EFLAGS: 00010282\n[61110.467727] RAX: 0000000000000000 RBX: ffffffffc0d9a860 RCX: 0000000000000027\n[61110.467729] RDX: ffff8fd5ff9598a8 RSI: 0000000000000001 RDI: ffff8fd5ff9598a0\n[61110.467730] RBP: ffff8fb6aaf78700 R08: 0000000000000000 R09: 0000000100d863b7\n[61110.467731] R10: ffffa304e489fd20 R11: ffffffff913bef48 R12: 0000000040002000\n[61110.467731] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[61110.467733] FS: 00007f64c89fb740(0000) GS:ffff8fd5ff940000(0000) knlGS:0000000000000000\n[61110.467734] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[61110.467735] CR2: 00007f0f02bfe000 CR3: 00000020ad6dc005 CR4: 0000000000770ee0\n[61110.467736] PKRU: 55555554\n[61110.467737] Call Trace:\n[61110.467738] \u003cTASK\u003e\n[61110.467739] qla2x00_module_exit+0x93/0x99 [qla2xxx]\n[61110.467755] ? __do_sys_delete_module.constprop.0+0x178/0x280\n\nFree sp in the error path to fix the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71232",
"url": "https://www.suse.com/security/cve/CVE-2025-71232"
},
{
"category": "external",
"summary": "SUSE Bug 1258422 for CVE-2025-71232",
"url": "https://bugzilla.suse.com/1258422"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-71232"
},
{
"cve": "CVE-2025-71233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Avoid creating sub-groups asynchronously\n\nThe asynchronous creation of sub-groups by a delayed work could lead to a\nNULL pointer dereference when the driver directory is removed before the\nwork completes.\n\nThe crash can be easily reproduced with the following commands:\n\n # cd /sys/kernel/config/pci_ep/functions/pci_epf_test\n # for i in {1..20}; do mkdir test \u0026\u0026 rmdir test; done\n\n BUG: kernel NULL pointer dereference, address: 0000000000000088\n ...\n Call Trace:\n configfs_register_group+0x3d/0x190\n pci_epf_cfs_work+0x41/0x110\n process_one_work+0x18f/0x350\n worker_thread+0x25a/0x3a0\n\nFix this issue by using configfs_add_default_group() API which does not\nhave the deadlock problem as configfs_register_group() and does not require\nthe delayed work handler.\n\n[mani: slightly reworded the description and added stable list]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71233",
"url": "https://www.suse.com/security/cve/CVE-2025-71233"
},
{
"category": "external",
"summary": "SUSE Bug 1258421 for CVE-2025-71233",
"url": "https://bugzilla.suse.com/1258421"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-71233"
},
{
"cve": "CVE-2025-71234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71234"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add\n\nThe driver does not set hw-\u003esta_data_size, which causes mac80211 to\nallocate insufficient space for driver private station data in\n__sta_info_alloc(). When rtl8xxxu_sta_add() accesses members of\nstruct rtl8xxxu_sta_info through sta-\u003edrv_priv, this results in a\nslab-out-of-bounds write.\n\nKASAN report on RISC-V (VisionFive 2) with RTL8192EU adapter:\n\n BUG: KASAN: slab-out-of-bounds in rtl8xxxu_sta_add+0x31c/0x346\n Write of size 8 at addr ffffffd6d3e9ae88 by task kworker/u16:0/12\n\nSet hw-\u003esta_data_size to sizeof(struct rtl8xxxu_sta_info) during\nprobe, similar to how hw-\u003evif_data_size is configured. This ensures\nmac80211 allocates sufficient space for the driver\u0027s per-station\nprivate data.\n\nTested on StarFive VisionFive 2 v1.2A board.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71234",
"url": "https://www.suse.com/security/cve/CVE-2025-71234"
},
{
"category": "external",
"summary": "SUSE Bug 1258419 for CVE-2025-71234",
"url": "https://bugzilla.suse.com/1258419"
},
{
"category": "external",
"summary": "SUSE Bug 1258420 for CVE-2025-71234",
"url": "https://bugzilla.suse.com/1258420"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-71234"
},
{
"cve": "CVE-2025-71235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Delay module unload while fabric scan in progress\n\nSystem crash seen during load/unload test in a loop.\n\n[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086\n[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0\n[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000\n[105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0000) knlGS:0000000000000000\n[105954.384925] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[105954.384926] CR2: 000055d31ce1d6a0 CR3: 0000000119f5e001 CR4: 0000000000770ee0\n[105954.384928] PKRU: 55555554\n[105954.384929] Call Trace:\n[105954.384931] \u003cIRQ\u003e\n[105954.384934] qla24xx_sp_unmap+0x1f3/0x2a0 [qla2xxx]\n[105954.384962] ? qla_async_scan_sp_done+0x114/0x1f0 [qla2xxx]\n[105954.384980] ? qla24xx_els_ct_entry+0x4de/0x760 [qla2xxx]\n[105954.384999] ? __wake_up_common+0x80/0x190\n[105954.385004] ? qla24xx_process_response_queue+0xc2/0xaa0 [qla2xxx]\n[105954.385023] ? qla24xx_msix_rsp_q+0x44/0xb0 [qla2xxx]\n[105954.385040] ? __handle_irq_event_percpu+0x3d/0x190\n[105954.385044] ? handle_irq_event+0x58/0xb0\n[105954.385046] ? handle_edge_irq+0x93/0x240\n[105954.385050] ? __common_interrupt+0x41/0xa0\n[105954.385055] ? common_interrupt+0x3e/0xa0\n[105954.385060] ? asm_common_interrupt+0x22/0x40\n\nThe root cause of this was that there was a free (dma_free_attrs) in the\ninterrupt context. There was a device discovery/fabric scan in\nprogress. A module unload was issued which set the UNLOADING flag. As\npart of the discovery, after receiving an interrupt a work queue was\nscheduled (which involved a work to be queued). Since the UNLOADING\nflag is set, the work item was not allocated and the mapped memory had\nto be freed. The free occurred in interrupt context leading to system\ncrash. Delay the driver unload until the fabric scan is complete to\navoid the crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71235",
"url": "https://www.suse.com/security/cve/CVE-2025-71235"
},
{
"category": "external",
"summary": "SUSE Bug 1258469 for CVE-2025-71235",
"url": "https://bugzilla.suse.com/1258469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-71235"
},
{
"cve": "CVE-2025-71236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Validate sp before freeing associated memory\n\nSystem crash with the following signature\n[154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete\n[154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.\n[154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange threshold to 5.\n[154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed - 0078 0080 0000.\n[154565.545744] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed - 0078 00a0 0000.\n[154565.545857] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.552760] qla2xxx [0000:b0:00.1]-11a2:2: FEC=enabled (data rate).\n[154565.553079] BUG: kernel NULL pointer dereference, address: 00000000000000f8\n[154565.553080] #PF: supervisor read access in kernel mode\n[154565.553082] #PF: error_code(0x0000) - not-present page\n[154565.553084] PGD 80000010488ab067 P4D 80000010488ab067 PUD 104978a067 PMD 0\n[154565.553089] Oops: 0000 1 PREEMPT SMP PTI\n[154565.553092] CPU: 10 PID: 858 Comm: qla2xxx_2_dpc Kdump: loaded Tainted: G OE ------- --- 5.14.0-503.11.1.el9_5.x86_64 #1\n[154565.553096] Hardware name: HPE Synergy 660 Gen10/Synergy 660 Gen10 Compute Module, BIOS I43 09/30/2024\n[154565.553097] RIP: 0010:qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553141] Code: 00 00 e8 58 a3 ec d4 49 89 e9 ba 12 20 00 00 4c 89 e6 49 c7 c0 00 ee a8 c0 48 c7 c1 66 c0 a9 c0 bf 00 80 00 10 e8 15 69 00 00 \u003c4c\u003e 8b 8d f8 00 00 00 4d 85 c9 74 35 49 8b 84 24 00 19 00 00 48 8b\n[154565.553143] RSP: 0018:ffffb4dbc8aebdd0 EFLAGS: 00010286\n[154565.553145] RAX: 0000000000000000 RBX: ffff8ec2cf0908d0 RCX: 0000000000000002\n[154565.553147] RDX: 0000000000000000 RSI: ffffffffc0a9c896 RDI: ffffb4dbc8aebd47\n[154565.553148] RBP: 0000000000000000 R08: ffffb4dbc8aebd45 R09: 0000000000ffff0a\n[154565.553150] R10: 0000000000000000 R11: 000000000000000f R12: ffff8ec2cf0908d0\n[154565.553151] R13: ffff8ec2cf090900 R14: 0000000000000102 R15: ffff8ec2cf084000\n[154565.553152] FS: 0000000000000000(0000) GS:ffff8ed27f800000(0000) knlGS:0000000000000000\n[154565.553154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[154565.553155] CR2: 00000000000000f8 CR3: 000000113ae0a005 CR4: 00000000007706f0\n[154565.553157] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[154565.553158] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[154565.553159] PKRU: 55555554\n[154565.553160] Call Trace:\n[154565.553162] \u003cTASK\u003e\n[154565.553165] ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553172] ? show_trace_log_lvl+0x1c4/0x2df\n[154565.553177] ? qla_fab_async_scan.part.0+0x40b/0x870 [qla2xxx]\n[154565.553215] ? __die_body.cold+0x8/0xd\n[154565.553218] ? page_fault_oops+0x134/0x170\n[154565.553223] ? snprintf+0x49/0x70\n[154565.553229] ? exc_page_fault+0x62/0x150\n[154565.553238] ? asm_exc_page_fault+0x22/0x30\n\nCheck for sp being non NULL before freeing any associated memory",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71236",
"url": "https://www.suse.com/security/cve/CVE-2025-71236"
},
{
"category": "external",
"summary": "SUSE Bug 1258442 for CVE-2025-71236",
"url": "https://bugzilla.suse.com/1258442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-71236"
},
{
"cve": "CVE-2025-71237",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71237"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: Fix potential block overflow that cause system hang\n\nWhen a user executes the FITRIM command, an underflow can occur when\ncalculating nblocks if end_block is too small. Since nblocks is of\ntype sector_t, which is u64, a negative nblocks value will become a\nvery large positive integer. This ultimately leads to the block layer\nfunction __blkdev_issue_discard() taking an excessively long time to\nprocess the bio chain, and the ns_segctor_sem lock remains held for a\nlong period. This prevents other tasks from acquiring the ns_segctor_sem\nlock, resulting in the hang reported by syzbot in [1].\n\nIf the ending block is too small, typically if it is smaller than 4KiB\nrange, depending on the usage of the segment 0, it may be possible to\nattempt a discard request beyond the device size causing the hang.\n\nExiting successfully and assign the discarded size (0 in this case)\nto range-\u003elen.\n\nAlthough the start and len values in the user input range are too small,\na conservative strategy is adopted here to safely ignore them, which is\nequivalent to a no-op; it will not perform any trimming and will not\nthrow an error.\n\n[1]\ntask:segctord state:D stack:28968 pid:6093 tgid:6093 ppid:2 task_flags:0x200040 flags:0x00080000\nCall Trace:\n rwbase_write_lock+0x3dd/0x750 kernel/locking/rwbase_rt.c:272\n nilfs_transaction_lock+0x253/0x4c0 fs/nilfs2/segment.c:357\n nilfs_segctor_thread_construct fs/nilfs2/segment.c:2569 [inline]\n nilfs_segctor_thread+0x6ec/0xe00 fs/nilfs2/segment.c:2684\n\n[ryusuke: corrected part of the commit message about the consequences]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71237",
"url": "https://www.suse.com/security/cve/CVE-2025-71237"
},
{
"category": "external",
"summary": "SUSE Bug 1258467 for CVE-2025-71237",
"url": "https://bugzilla.suse.com/1258467"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-71237"
},
{
"cve": "CVE-2025-71238",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71238"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix bsg_done() causing double free\n\nKernel panic observed on system,\n\n[5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000\n[5353358.825194] #PF: supervisor write access in kernel mode\n[5353358.825195] #PF: error_code(0x0002) - not-present page\n[5353358.825196] PGD 100006067 P4D 0\n[5353358.825198] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[5353358.825200] CPU: 5 PID: 2132085 Comm: qlafwupdate.sub Kdump: loaded Tainted: G W L ------- --- 5.14.0-503.34.1.el9_5.x86_64 #1\n[5353358.825203] Hardware name: HPE ProLiant DL360 Gen11/ProLiant DL360 Gen11, BIOS 2.44 01/17/2025\n[5353358.825204] RIP: 0010:memcpy_erms+0x6/0x10\n[5353358.825211] RSP: 0018:ff591da8f4f6b710 EFLAGS: 00010246\n[5353358.825212] RAX: ff5f5e897b024000 RBX: 0000000000007090 RCX: 0000000000001000\n[5353358.825213] RDX: 0000000000001000 RSI: ff591da8f4fed090 RDI: ff5f5e897b024000\n[5353358.825214] RBP: 0000000000010000 R08: ff5f5e897b024000 R09: 0000000000000000\n[5353358.825215] R10: ff46cf8c40517000 R11: 0000000000000001 R12: 0000000000008090\n[5353358.825216] R13: ff591da8f4f6b720 R14: 0000000000001000 R15: 0000000000000000\n[5353358.825218] FS: 00007f1e88d47740(0000) GS:ff46cf935f940000(0000) knlGS:0000000000000000\n[5353358.825219] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[5353358.825220] CR2: ff5f5e897b024000 CR3: 0000000231532004 CR4: 0000000000771ef0\n[5353358.825221] PKRU: 55555554\n[5353358.825222] Call Trace:\n[5353358.825223] \u003cTASK\u003e\n[5353358.825224] ? show_trace_log_lvl+0x1c4/0x2df\n[5353358.825229] ? show_trace_log_lvl+0x1c4/0x2df\n[5353358.825232] ? sg_copy_buffer+0xc8/0x110\n[5353358.825236] ? __die_body.cold+0x8/0xd\n[5353358.825238] ? page_fault_oops+0x134/0x170\n[5353358.825242] ? kernelmode_fixup_or_oops+0x84/0x110\n[5353358.825244] ? exc_page_fault+0xa8/0x150\n[5353358.825247] ? asm_exc_page_fault+0x22/0x30\n[5353358.825252] ? memcpy_erms+0x6/0x10\n[5353358.825253] sg_copy_buffer+0xc8/0x110\n[5353358.825259] qla2x00_process_vendor_specific+0x652/0x1320 [qla2xxx]\n[5353358.825317] qla24xx_bsg_request+0x1b2/0x2d0 [qla2xxx]\n\nMost routines in qla_bsg.c call bsg_done() only for success cases.\nHowever a few invoke it for failure case as well leading to a double\nfree. Validate before calling bsg_done().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71238",
"url": "https://www.suse.com/security/cve/CVE-2025-71238"
},
{
"category": "external",
"summary": "SUSE Bug 1259186 for CVE-2025-71238",
"url": "https://bugzilla.suse.com/1259186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-71238"
},
{
"cve": "CVE-2026-23220",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23220"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths\n\nThe problem occurs when a signed request fails smb2 signature verification\ncheck. In __process_request(), if check_sign_req() returns an error,\nset_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called.\nset_smb2_rsp_status() set work-\u003enext_smb2_rcv_hdr_off as zero. By resetting\nnext_smb2_rcv_hdr_off to zero, the pointer to the next command in the chain\nis lost. Consequently, is_chained_smb2_message() continues to point to\nthe same request header instead of advancing. If the header\u0027s NextCommand\nfield is non-zero, the function returns true, causing __handle_ksmbd_work()\nto repeatedly process the same failed request in an infinite loop.\nThis results in the kernel log being flooded with \"bad smb2 signature\"\nmessages and high CPU usage.\n\nThis patch fixes the issue by changing the return value from\nSERVER_HANDLER_CONTINUE to SERVER_HANDLER_ABORT. This ensures that\nthe processing loop terminates immediately rather than attempting to\ncontinue from an invalidated offset.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23220",
"url": "https://www.suse.com/security/cve/CVE-2026-23220"
},
{
"category": "external",
"summary": "SUSE Bug 1258432 for CVE-2026-23220",
"url": "https://bugzilla.suse.com/1258432"
},
{
"category": "external",
"summary": "SUSE Bug 1258433 for CVE-2026-23220",
"url": "https://bugzilla.suse.com/1258433"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23220"
},
{
"cve": "CVE-2026-23221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23221"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: fsl-mc: fix use-after-free in driver_override_show()\n\nThe driver_override_show() function reads the driver_override string\nwithout holding the device_lock. However, driver_override_store() uses\ndriver_set_override(), which modifies and frees the string while holding\nthe device_lock.\n\nThis can result in a concurrent use-after-free if the string is freed\nby the store function while being read by the show function.\n\nFix this by holding the device_lock around the read operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23221",
"url": "https://www.suse.com/security/cve/CVE-2026-23221"
},
{
"category": "external",
"summary": "SUSE Bug 1258660 for CVE-2026-23221",
"url": "https://bugzilla.suse.com/1258660"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23221"
},
{
"cve": "CVE-2026-23222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23222"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly\n\nThe existing allocation of scatterlists in omap_crypto_copy_sg_lists()\nwas allocating an array of scatterlist pointers, not scatterlist objects,\nresulting in a 4x too small allocation.\n\nUse sizeof(*new_sg) to get the correct object size.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23222",
"url": "https://www.suse.com/security/cve/CVE-2026-23222"
},
{
"category": "external",
"summary": "SUSE Bug 1258484 for CVE-2026-23222",
"url": "https://bugzilla.suse.com/1258484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23222"
},
{
"cve": "CVE-2026-23223",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23223"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix UAF in xchk_btree_check_block_owner\n\nWe cannot dereference bs-\u003ecur when trying to determine if bs-\u003ecur\naliases bs-\u003esc-\u003esa.{bno,rmap}_cur after the latter has been freed.\nFix this by sampling before type before any freeing could happen.\nThe correct temporal ordering was broken when we removed xfs_btnum_t.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23223",
"url": "https://www.suse.com/security/cve/CVE-2026-23223"
},
{
"category": "external",
"summary": "SUSE Bug 1258483 for CVE-2026-23223",
"url": "https://bugzilla.suse.com/1258483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23223"
},
{
"cve": "CVE-2026-23224",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23224"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix UAF issue for file-backed mounts w/ directio option\n\n[ 9.269940][ T3222] Call trace:\n[ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108\n[ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198\n[ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180\n[ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24\n[ 9.270030][ T3222] z_erofs_runqueue+0x834/0x8ac\n[ 9.270054][ T3222] z_erofs_read_folio+0x120/0x220\n[ 9.270083][ T3222] filemap_read_folio+0x60/0x120\n[ 9.270102][ T3222] filemap_fault+0xcac/0x1060\n[ 9.270119][ T3222] do_pte_missing+0x2d8/0x1554\n[ 9.270131][ T3222] handle_mm_fault+0x5ec/0x70c\n[ 9.270142][ T3222] do_page_fault+0x178/0x88c\n[ 9.270167][ T3222] do_translation_fault+0x38/0x54\n[ 9.270183][ T3222] do_mem_abort+0x54/0xac\n[ 9.270208][ T3222] el0_da+0x44/0x7c\n[ 9.270227][ T3222] el0t_64_sync_handler+0x5c/0xf4\n[ 9.270253][ T3222] el0t_64_sync+0x1bc/0x1c0\n\nEROFS may encounter above panic when enabling file-backed mount w/\ndirectio mount option, the root cause is it may suffer UAF in below\nrace condition:\n\n- z_erofs_read_folio wq s_dio_done_wq\n - z_erofs_runqueue\n - erofs_fileio_submit_bio\n - erofs_fileio_rq_submit\n - vfs_iocb_iter_read\n - ext4_file_read_iter\n - ext4_dio_read_iter\n - iomap_dio_rw\n : bio was submitted and return -EIOCBQUEUED\n - dio_aio_complete_work\n - dio_complete\n - dio-\u003eiocb-\u003eki_complete (erofs_fileio_ki_complete())\n - kfree(rq)\n : it frees iocb, iocb.ki_filp can be UAF in file_accessed().\n - file_accessed\n : access NULL file point\n\nIntroduce a reference count in struct erofs_fileio_rq, and initialize it\nas two, both erofs_fileio_ki_complete() and erofs_fileio_rq_submit() will\ndecrease reference count, the last one decreasing the reference count\nto zero will free rq.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23224",
"url": "https://www.suse.com/security/cve/CVE-2026-23224"
},
{
"category": "external",
"summary": "SUSE Bug 1258461 for CVE-2026-23224",
"url": "https://bugzilla.suse.com/1258461"
},
{
"category": "external",
"summary": "SUSE Bug 1258463 for CVE-2026-23224",
"url": "https://bugzilla.suse.com/1258463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23224"
},
{
"cve": "CVE-2026-23225",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23225"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/mmcid: Don\u0027t assume CID is CPU owned on mode switch\n\nShinichiro reported a KASAN UAF, which is actually an out of bounds access\nin the MMCID management code.\n\n CPU0\t\t\t\t\t\tCPU1\n \t\t\t\t\t\tT1 runs in userspace\n T0: fork(T4) -\u003e Switch to per CPU CID mode\n fixup() set MM_CID_TRANSIT on T1/CPU1\n T4 exit()\n T3 exit()\n T2 exit()\n\t\t\t\t\t\tT1 exit() switch to per task mode\n\t\t\t\t\t\t ---\u003e Out of bounds access.\n\nAs T1 has not scheduled after T0 set the TRANSIT bit, it exits with the\nTRANSIT bit set. sched_mm_cid_remove_user() clears the TRANSIT bit in\nthe task and drops the CID, but it does not touch the per CPU storage.\nThat\u0027s functionally correct because a CID is only owned by the CPU when\nthe ONCPU bit is set, which is mutually exclusive with the TRANSIT flag.\n\nNow sched_mm_cid_exit() assumes that the CID is CPU owned because the\nprior mode was per CPU. It invokes mm_drop_cid_on_cpu() which clears the\nnot set ONCPU bit and then invokes clear_bit() with an insanely large\nbit number because TRANSIT is set (bit 29).\n\nPrevent that by actually validating that the CID is CPU owned in\nmm_drop_cid_on_cpu().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23225",
"url": "https://www.suse.com/security/cve/CVE-2026-23225"
},
{
"category": "external",
"summary": "SUSE Bug 1258474 for CVE-2026-23225",
"url": "https://bugzilla.suse.com/1258474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23225"
},
{
"cve": "CVE-2026-23226",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23226"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: add chann_lock to protect ksmbd_chann_list xarray\n\nksmbd_chann_list xarray lacks synchronization, allowing use-after-free in\nmulti-channel sessions (between lookup_chann_list() and ksmbd_chann_del).\n\nAdds rw_semaphore chann_lock to struct ksmbd_session and protects\nall xa_load/xa_store/xa_erase accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23226",
"url": "https://www.suse.com/security/cve/CVE-2026-23226"
},
{
"category": "external",
"summary": "SUSE Bug 1258820 for CVE-2026-23226",
"url": "https://bugzilla.suse.com/1258820"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23226"
},
{
"cve": "CVE-2026-23227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos: vidi: use ctx-\u003elock to protect struct vidi_context member variables related to memory alloc/free\n\nExynos Virtual Display driver performs memory alloc/free operations\nwithout lock protection, which easily causes concurrency problem.\n\nFor example, use-after-free can occur in race scenario like this:\n```\n\tCPU0\t\t\t\tCPU1\t\t\t\tCPU2\n\t----\t\t\t\t----\t\t\t\t----\n vidi_connection_ioctl()\n if (vidi-\u003econnection) // true\n drm_edid = drm_edid_alloc(); // alloc drm_edid\n ...\n ctx-\u003eraw_edid = drm_edid;\n ...\n\t\t\t\t\t\t\t\tdrm_mode_getconnector()\n\t\t\t\t\t\t\t\t drm_helper_probe_single_connector_modes()\n\t\t\t\t\t\t\t\t vidi_get_modes()\n\t\t\t\t\t\t\t\t if (ctx-\u003eraw_edid) // true\n\t\t\t\t\t\t\t\t drm_edid_dup(ctx-\u003eraw_edid);\n\t\t\t\t\t\t\t\t if (!drm_edid) // false\n\t\t\t\t\t\t\t\t ...\n\t\t\t\tvidi_connection_ioctl()\n\t\t\t\t if (vidi-\u003econnection) // false\n\t\t\t\t drm_edid_free(ctx-\u003eraw_edid); // free drm_edid\n\t\t\t\t ...\n\t\t\t\t\t\t\t\t drm_edid_alloc(drm_edid-\u003eedid)\n\t\t\t\t\t\t\t\t kmemdup(edid); // UAF!!\n\t\t\t\t\t\t\t\t ...\n```\n\nTo prevent these vulns, at least in vidi_context, member variables related\nto memory alloc/free should be protected with ctx-\u003elock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23227",
"url": "https://www.suse.com/security/cve/CVE-2026-23227"
},
{
"category": "external",
"summary": "SUSE Bug 1258472 for CVE-2026-23227",
"url": "https://bugzilla.suse.com/1258472"
},
{
"category": "external",
"summary": "SUSE Bug 1258473 for CVE-2026-23227",
"url": "https://bugzilla.suse.com/1258473"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23227"
},
{
"cve": "CVE-2026-23228",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23228"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()\n\nOn kthread_run() failure in ksmbd_tcp_new_connection(), the transport is\nfreed via free_transport(), which does not decrement active_num_conn,\nleaking this counter.\n\nReplace free_transport() with ksmbd_tcp_disconnect().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23228",
"url": "https://www.suse.com/security/cve/CVE-2026-23228"
},
{
"category": "external",
"summary": "SUSE Bug 1258431 for CVE-2026-23228",
"url": "https://bugzilla.suse.com/1258431"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23228"
},
{
"cve": "CVE-2026-23229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23229"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio - Add spinlock protection with virtqueue notification\n\nWhen VM boots with one virtio-crypto PCI device and builtin backend,\nrun openssl benchmark command with multiple processes, such as\n openssl speed -evp aes-128-cbc -engine afalg -seconds 10 -multi 32\n\nopenssl processes will hangup and there is error reported like this:\n virtio_crypto virtio0: dataq.0:id 3 is not a head!\n\nIt seems that the data virtqueue need protection when it is handled\nfor virtio done notification. If the spinlock protection is added\nin virtcrypto_done_task(), openssl benchmark with multiple processes\nworks well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23229",
"url": "https://www.suse.com/security/cve/CVE-2026-23229"
},
{
"category": "external",
"summary": "SUSE Bug 1258429 for CVE-2026-23229",
"url": "https://bugzilla.suse.com/1258429"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23229"
},
{
"cve": "CVE-2026-23230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23230"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: split cached_fid bitfields to avoid shared-byte RMW races\n\nis_open, has_lease and on_list are stored in the same bitfield byte in\nstruct cached_fid but are updated in different code paths that may run\nconcurrently. Bitfield assignments generate byte read-modify-write\noperations (e.g. `orb $mask, addr` on x86_64), so updating one flag can\nrestore stale values of the others.\n\nA possible interleaving is:\n CPU1: load old byte (has_lease=1, on_list=1)\n CPU2: clear both flags (store 0)\n CPU1: RMW store (old | IS_OPEN) -\u003e reintroduces cleared bits\n\nTo avoid this class of races, convert these flags to separate bool\nfields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23230",
"url": "https://www.suse.com/security/cve/CVE-2026-23230"
},
{
"category": "external",
"summary": "SUSE Bug 1258430 for CVE-2026-23230",
"url": "https://bugzilla.suse.com/1258430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23230"
},
{
"cve": "CVE-2026-23231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nf_tables_addchain()\n\nnf_tables_addchain() publishes the chain to table-\u003echains via\nlist_add_tail_rcu() (in nft_chain_add()) before registering hooks.\nIf nf_tables_register_hook() then fails, the error path calls\nnft_chain_del() (list_del_rcu()) followed by nf_tables_chain_destroy()\nwith no RCU grace period in between.\n\nThis creates two use-after-free conditions:\n\n 1) Control-plane: nf_tables_dump_chains() traverses table-\u003echains\n under rcu_read_lock(). A concurrent dump can still be walking\n the chain when the error path frees it.\n\n 2) Packet path: for NFPROTO_INET, nf_register_net_hook() briefly\n installs the IPv4 hook before IPv6 registration fails. Packets\n entering nft_do_chain() via the transient IPv4 hook can still be\n dereferencing chain-\u003eblob_gen_X when the error path frees the\n chain.\n\nAdd synchronize_rcu() between nft_chain_del() and the chain destroy\nso that all RCU readers -- both dump threads and in-flight packet\nevaluation -- have finished before the chain is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23231",
"url": "https://www.suse.com/security/cve/CVE-2026-23231"
},
{
"category": "external",
"summary": "SUSE Bug 1259188 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "external",
"summary": "SUSE Bug 1259189 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23231"
},
{
"cve": "CVE-2026-23232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23232"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"\n\nThis reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.\n\nOriginal patch may cause below deadlock, revert it.\n\nwrite\t\t\t\tremount\n- write_begin\n - lock_page --- lock A\n - prepare_write_begin\n - f2fs_map_lock\n\t\t\t\t- f2fs_enable_checkpoint\n\t\t\t\t - down_write(cp_enable_rwsem) --- lock B\n\t\t\t\t - sync_inode_sb\n\t\t\t\t - writepages\n\t\t\t\t - lock_page\t\t\t--- lock A\n - down_read(cp_enable_rwsem) --- lock A",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23232",
"url": "https://www.suse.com/security/cve/CVE-2026-23232"
},
{
"category": "external",
"summary": "SUSE Bug 1259192 for CVE-2026-23232",
"url": "https://bugzilla.suse.com/1259192"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23232"
},
{
"cve": "CVE-2026-23233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23233"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid mapping wrong physical block for swapfile\n\nXiaolong Guo reported a f2fs bug in bugzilla [1]\n\n[1] https://bugzilla.kernel.org/show_bug.cgi?id=220951\n\nQuoted:\n\n\"When using stress-ng\u0027s swap stress test on F2FS filesystem with kernel 6.6+,\nthe system experiences data corruption leading to either:\n1 dm-verity corruption errors and device reboot\n2 F2FS node corruption errors and boot hangs\n\nThe issue occurs specifically when:\n1 Using F2FS filesystem (ext4 is unaffected)\n2 Swapfile size is less than F2FS section size (2MB)\n3 Swapfile has fragmented physical layout (multiple non-contiguous extents)\n4 Kernel version is 6.6+ (6.1 is unaffected)\n\nThe root cause is in check_swap_activate() function in fs/f2fs/data.c. When the\nfirst extent of a small swapfile (\u003c 2MB) is not aligned to section boundaries,\nthe function incorrectly treats it as the last extent, failing to map\nsubsequent extents. This results in incorrect swap_extent creation where only\nthe first extent is mapped, causing subsequent swap writes to overwrite wrong\nphysical locations (other files\u0027 data).\n\nSteps to Reproduce\n1 Setup a device with F2FS-formatted userdata partition\n2 Compile stress-ng from https://github.com/ColinIanKing/stress-ng\n3 Run swap stress test: (Android devices)\nadb shell \"cd /data/stressng; ./stress-ng-64 --metrics-brief --timeout 60\n--swap 0\"\n\nLog:\n1 Ftrace shows in kernel 6.6, only first extent is mapped during second\nf2fs_map_blocks call in check_swap_activate():\nstress-ng-swap-8990: f2fs_map_blocks: ino=11002, file offset=0, start\nblkaddr=0x43143, len=0x1\n(Only 4KB mapped, not the full swapfile)\n2 in kernel 6.1, both extents are correctly mapped:\nstress-ng-swap-5966: f2fs_map_blocks: ino=28011, file offset=0, start\nblkaddr=0x13cd4, len=0x1\nstress-ng-swap-5966: f2fs_map_blocks: ino=28011, file offset=1, start\nblkaddr=0x60c84b, len=0xff\n\nThe problematic code is in check_swap_activate():\nif ((pblock - SM_I(sbi)-\u003emain_blkaddr) % blks_per_sec ||\n nr_pblocks % blks_per_sec ||\n !f2fs_valid_pinned_area(sbi, pblock)) {\n bool last_extent = false;\n\n not_aligned++;\n\n nr_pblocks = roundup(nr_pblocks, blks_per_sec);\n if (cur_lblock + nr_pblocks \u003e sis-\u003emax)\n nr_pblocks -= blks_per_sec;\n\n /* this extent is last one */\n if (!nr_pblocks) {\n nr_pblocks = last_lblock - cur_lblock;\n last_extent = true;\n }\n\n ret = f2fs_migrate_blocks(inode, cur_lblock, nr_pblocks);\n if (ret) {\n if (ret == -ENOENT)\n ret = -EINVAL;\n goto out;\n }\n\n if (!last_extent)\n goto retry;\n}\n\nWhen the first extent is unaligned and roundup(nr_pblocks, blks_per_sec)\nexceeds sis-\u003emax, we subtract blks_per_sec resulting in nr_pblocks = 0. The\ncode then incorrectly assumes this is the last extent, sets nr_pblocks =\nlast_lblock - cur_lblock (entire swapfile), and performs migration. After\nmigration, it doesn\u0027t retry mapping, so subsequent extents are never processed.\n\"\n\nIn order to fix this issue, we need to lookup block mapping info after\nwe migrate all blocks in the tail of swapfile.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23233",
"url": "https://www.suse.com/security/cve/CVE-2026-23233"
},
{
"category": "external",
"summary": "SUSE Bug 1259193 for CVE-2026-23233",
"url": "https://bugzilla.suse.com/1259193"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23233"
},
{
"cve": "CVE-2026-23234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23234"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid UAF in f2fs_write_end_io()\n\nAs syzbot reported an use-after-free issue in f2fs_write_end_io().\n\nIt is caused by below race condition:\n\nloop device\t\t\t\tumount\n- worker_thread\n - loop_process_work\n - do_req_filebacked\n - lo_rw_aio\n - lo_rw_aio_complete\n - blk_mq_end_request\n - blk_update_request\n - f2fs_write_end_io\n - dec_page_count\n - folio_end_writeback\n\t\t\t\t\t- kill_f2fs_super\n\t\t\t\t\t - kill_block_super\n\t\t\t\t\t - f2fs_put_super\n\t\t\t\t\t : free(sbi)\n : get_pages(, F2FS_WB_CP_DATA)\n accessed sbi which is freed\n\nIn kill_f2fs_super(), we will drop all page caches of f2fs inodes before\ncall free(sbi), it guarantee that all folios should end its writeback, so\nit should be safe to access sbi before last folio_end_writeback().\n\nLet\u0027s relocate ckpt thread wakeup flow before folio_end_writeback() to\nresolve this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23234",
"url": "https://www.suse.com/security/cve/CVE-2026-23234"
},
{
"category": "external",
"summary": "SUSE Bug 1259194 for CVE-2026-23234",
"url": "https://bugzilla.suse.com/1259194"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23234"
},
{
"cve": "CVE-2026-23235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23235"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix out-of-bounds access in sysfs attribute read/write\n\nSome f2fs sysfs attributes suffer from out-of-bounds memory access and\nincorrect handling of integer values whose size is not 4 bytes.\n\nFor example:\nvm:~# echo 65537 \u003e /sys/fs/f2fs/vde/carve_out\nvm:~# cat /sys/fs/f2fs/vde/carve_out\n65537\nvm:~# echo 4294967297 \u003e /sys/fs/f2fs/vde/atgc_age_threshold\nvm:~# cat /sys/fs/f2fs/vde/atgc_age_threshold\n1\n\ncarve_out maps to {struct f2fs_sb_info}-\u003ecarve_out, which is a 8-bit\ninteger. However, the sysfs interface allows setting it to a value\nlarger than 255, resulting in an out-of-range update.\n\natgc_age_threshold maps to {struct atgc_management}-\u003eage_threshold,\nwhich is a 64-bit integer, but its sysfs interface cannot correctly set\nvalues larger than UINT_MAX.\n\nThe root causes are:\n1. __sbi_store() treats all default values as unsigned int, which\nprevents updating integers larger than 4 bytes and causes out-of-bounds\nwrites for integers smaller than 4 bytes.\n\n2. f2fs_sbi_show() also assumes all default values are unsigned int,\nleading to out-of-bounds reads and incorrect access to integers larger\nthan 4 bytes.\n\nThis patch introduces {struct f2fs_attr}-\u003esize to record the actual size\nof the integer associated with each sysfs attribute. With this\ninformation, sysfs read and write operations can correctly access and\nupdate values according to their real data size, avoiding memory\ncorruption and truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23235",
"url": "https://www.suse.com/security/cve/CVE-2026-23235"
},
{
"category": "external",
"summary": "SUSE Bug 1259195 for CVE-2026-23235",
"url": "https://bugzilla.suse.com/1259195"
},
{
"category": "external",
"summary": "SUSE Bug 1259198 for CVE-2026-23235",
"url": "https://bugzilla.suse.com/1259198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23235"
},
{
"cve": "CVE-2026-23236",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23236"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: smscufx: properly copy ioctl memory to kernelspace\n\nThe UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from\nuserspace to kernelspace, and instead directly references the memory,\nwhich can cause problems if invalid data is passed from userspace. Fix\nthis all up by correctly copying the memory before accessing it within\nthe kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23236",
"url": "https://www.suse.com/security/cve/CVE-2026-23236"
},
{
"category": "external",
"summary": "SUSE Bug 1259199 for CVE-2026-23236",
"url": "https://bugzilla.suse.com/1259199"
},
{
"category": "external",
"summary": "SUSE Bug 1259200 for CVE-2026-23236",
"url": "https://bugzilla.suse.com/1259200"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-23236"
},
{
"cve": "CVE-2026-23239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: Fix race condition in espintcp_close()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_work_sync() is called from espintcp_close(),\nespintcp_tx_work() can still be scheduled from paths such as\nthe Delayed ACK handler or ksoftirqd.\nAs a result, the espintcp_tx_work() worker may dereference a\nfreed espintcp ctx or sk.\n\nThe following is a simple race scenario:\n\n cpu0 cpu1\n\n espintcp_close()\n cancel_work_sync(\u0026ctx-\u003ework);\n espintcp_write_space()\n schedule_work(\u0026ctx-\u003ework);\n\nTo prevent this race condition, cancel_work_sync() is\nreplaced with disable_work_sync().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23239",
"url": "https://www.suse.com/security/cve/CVE-2026-23239"
},
{
"category": "external",
"summary": "SUSE Bug 1259485 for CVE-2026-23239",
"url": "https://bugzilla.suse.com/1259485"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23239"
},
{
"cve": "CVE-2026-23240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Fix race condition in tls_sw_cancel_work_tx()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_delayed_work_sync() is called from tls_sk_proto_close(),\ntx_work_handler() can still be scheduled from paths such as the\nDelayed ACK handler or ksoftirqd.\nAs a result, the tx_work_handler() worker may dereference a freed\nTLS object.\n\nThe following is a simple race scenario:\n\n cpu0 cpu1\n\ntls_sk_proto_close()\n tls_sw_cancel_work_tx()\n tls_write_space()\n tls_sw_write_space()\n if (!test_and_set_bit(BIT_TX_SCHEDULED, \u0026tx_ctx-\u003etx_bitmask))\n set_bit(BIT_TX_SCHEDULED, \u0026ctx-\u003etx_bitmask);\n cancel_delayed_work_sync(\u0026ctx-\u003etx_work.work);\n schedule_delayed_work(\u0026tx_ctx-\u003etx_work.work, 0);\n\nTo prevent this race condition, cancel_delayed_work_sync() is\nreplaced with disable_delayed_work_sync().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23240",
"url": "https://www.suse.com/security/cve/CVE-2026-23240"
},
{
"category": "external",
"summary": "SUSE Bug 1259484 for CVE-2026-23240",
"url": "https://bugzilla.suse.com/1259484"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.19.8-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.19.8-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-18T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23240"
}
]
}
GHSA-WMJ7-XRRH-R2GJ
Vulnerability from github – Published: 2026-03-04 15:30 – Updated: 2026-03-17 21:31
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()"
This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.
Original patch may cause below deadlock, revert it.
write remount - write_begin - lock_page --- lock A - prepare_write_begin - f2fs_map_lock - f2fs_enable_checkpoint - down_write(cp_enable_rwsem) --- lock B - sync_inode_sb - writepages - lock_page --- lock A - down_read(cp_enable_rwsem) --- lock A
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-23232"
],
"database_specific": {
"cwe_ids": [
"CWE-667"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-04T15:16:13Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"\n\nThis reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.\n\nOriginal patch may cause below deadlock, revert it.\n\nwrite\t\t\t\tremount\n- write_begin\n - lock_page --- lock A\n - prepare_write_begin\n - f2fs_map_lock\n\t\t\t\t- f2fs_enable_checkpoint\n\t\t\t\t - down_write(cp_enable_rwsem) --- lock B\n\t\t\t\t - sync_inode_sb\n\t\t\t\t - writepages\n\t\t\t\t - lock_page\t\t\t--- lock A\n - down_read(cp_enable_rwsem) --- lock A",
"id": "GHSA-wmj7-xrrh-r2gj",
"modified": "2026-03-17T21:31:42Z",
"published": "2026-03-04T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23232"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3996b70209f145bfcf2afc7d05dd92c27b233b48"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b6382273801bc7c778545dd8004c9a9d750b4f62"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-0614
Vulnerability from csaf_certbund - Published: 2026-03-04 23:00 - Updated: 2026-03-04 23:00Summary
Linux Kernel: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht näher spezifizierte Angriffe durchzuführen, die möglicherweise zu einer Denial-of-Service-Bedingung führen oder eine Speicherbeschädigung verursachen können.
Betroffene Betriebssysteme: - Linux
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren, die m\u00f6glicherweise zu einer Denial-of-Service-Bedingung f\u00fchren oder eine Speicherbesch\u00e4digung verursachen k\u00f6nnen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0614 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0614.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0614 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0614"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-71238",
"url": "https://lore.kernel.org/linux-cve-announce/2026030437-CVE-2025-71238-76bc@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23231",
"url": "https://lore.kernel.org/linux-cve-announce/2026030436-CVE-2026-23231-1a96@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23232",
"url": "https://lore.kernel.org/linux-cve-announce/2026030439-CVE-2026-23232-b24d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23233",
"url": "https://lore.kernel.org/linux-cve-announce/2026030439-CVE-2026-23233-4413@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23234",
"url": "https://lore.kernel.org/linux-cve-announce/2026030439-CVE-2026-23234-5cef@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23235",
"url": "https://lore.kernel.org/linux-cve-announce/2026030440-CVE-2026-23235-3b8d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23236",
"url": "https://lore.kernel.org/linux-cve-announce/2026030440-CVE-2026-23236-b419@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23237",
"url": "https://lore.kernel.org/linux-cve-announce/2026030436-CVE-2026-23237-f6fb@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23238",
"url": "https://lore.kernel.org/linux-cve-announce/2026030436-CVE-2026-23238-47f3@gregkh/"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2026-03-05",
"url": "https://msrc.microsoft.com/update-guide/"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-04T23:00:00.000+00:00",
"generator": {
"date": "2026-03-05T12:12:29.010+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0614",
"initial_release_date": "2026-03-04T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3",
"product": {
"name": "Microsoft Azure Linux azl3",
"product_id": "T049210",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T051452",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-71238",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2025-71238"
},
{
"cve": "CVE-2026-23231",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2026-23231"
},
{
"cve": "CVE-2026-23232",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2026-23232"
},
{
"cve": "CVE-2026-23233",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2026-23233"
},
{
"cve": "CVE-2026-23234",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2026-23234"
},
{
"cve": "CVE-2026-23235",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2026-23235"
},
{
"cve": "CVE-2026-23236",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2026-23236"
},
{
"cve": "CVE-2026-23237",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2026-23237"
},
{
"cve": "CVE-2026-23238",
"product_status": {
"known_affected": [
"T049210",
"T051452"
]
},
"release_date": "2026-03-04T23:00:00.000+00:00",
"title": "CVE-2026-23238"
}
]
}
FKIE_CVE-2026-23232
Vulnerability from fkie_nvd - Published: 2026-03-04 15:16 - Updated: 2026-03-17 21:21
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()"
This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.
Original patch may cause below deadlock, revert it.
write remount
- write_begin
- lock_page --- lock A
- prepare_write_begin
- f2fs_map_lock
- f2fs_enable_checkpoint
- down_write(cp_enable_rwsem) --- lock B
- sync_inode_sb
- writepages
- lock_page --- lock A
- down_read(cp_enable_rwsem) --- lock A
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7853A337-FB2A-4E19-AB47-4E38343532AA",
"versionEndExcluding": "6.19.3",
"versionStartIncluding": "6.19",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"f2fs: block cache/dio write during f2fs_enable_checkpoint()\"\n\nThis reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.\n\nOriginal patch may cause below deadlock, revert it.\n\nwrite\t\t\t\tremount\n- write_begin\n - lock_page --- lock A\n - prepare_write_begin\n - f2fs_map_lock\n\t\t\t\t- f2fs_enable_checkpoint\n\t\t\t\t - down_write(cp_enable_rwsem) --- lock B\n\t\t\t\t - sync_inode_sb\n\t\t\t\t - writepages\n\t\t\t\t - lock_page\t\t\t--- lock A\n - down_read(cp_enable_rwsem) --- lock A"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Revertir \u00abf2fs: bloqueo de cach\u00e9/escritura dio durante f2fs_enable_checkpoint()\u00bb. Esto revierte la confirmaci\u00f3n 196c81fdd438f7ac429d5639090a9816abb9760a. El parche original puede causar el siguiente bloqueo, reviertelo. write remount - write_begin - lock_page --- lock A - prepare_write_begin - f2fs_map_lock - f2fs_enable_checkpoint - down_write (cp_enable_rwsem) --- bloqueo B - sync_inode_sb - writepages - lock_page --- bloqueo A - down_read(cp_enable_rwsem) --- bloqueo A"
}
],
"id": "CVE-2026-23232",
"lastModified": "2026-03-17T21:21:42.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-03-04T15:16:13.477",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3996b70209f145bfcf2afc7d05dd92c27b233b48"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/b6382273801bc7c778545dd8004c9a9d750b4f62"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…