Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-31402 (GCVE-0-2026-31402)
Vulnerability from cvelistv5 – Published: 2026-04-03 15:16 – Updated: 2026-07-08 12:05
VLAI
EPSS
VEX
Title
nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
Summary
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix heap overflow in NFSv4.0 LOCK replay cache
The NFSv4.0 replay cache uses a fixed 112-byte inline buffer
(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.
This size was calculated based on OPEN responses and does not account
for LOCK denied responses, which include the conflicting lock owner as
a variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).
When a LOCK operation is denied due to a conflict with an existing lock
that has a large owner, nfsd4_encode_operation() copies the full encoded
response into the undersized replay buffer via read_bytes_from_xdr_buf()
with no bounds check. This results in a slab-out-of-bounds write of up
to 944 bytes past the end of the buffer, corrupting adjacent heap memory.
This can be triggered remotely by an unauthenticated attacker with two
cooperating NFSv4.0 clients: one sets a lock with a large owner string,
then the other requests a conflicting lock to provoke the denial.
We could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full
opaque, but that would increase the size of every stateowner, when most
lockowners are not that large.
Instead, fix this by checking the encoded response length against
NFSD4_REPLAY_ISIZE before copying into the replay buffer. If the
response is too large, set rp_buflen to 0 to skip caching the replay
payload. The status is still cached, and the client already received the
correct response on the original request.
Severity
9.8 (Critical)
7.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
35 references
Impacted products
53 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f9fcb4441f6c02bb20c2eb340101e27dfe23607c
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 2665887a69437a8a4f552f69509eecfb73d4aa19 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c9452c0797c95cf2378170df96cf4f4b3bca7eff (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 8afb437ea1f70cacb4bbdf11771fb5c4d720b965 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0f0e2a54a31a7f9ad2915db99156114872317388 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ae8498337dfdfda71bdd0b807c9a23a126011d76 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5133b61aaf437e5f25b1b396b14242a6bb0508e2 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 5.10.253 , ≤ 5.10.* (semver) Unaffected: 5.15.210 , ≤ 5.15.* (semver) Unaffected: 6.1.167 , ≤ 6.1.* (semver) Unaffected: 6.6.130 , ≤ 6.6.* (semver) Unaffected: 6.12.78 , ≤ 6.12.* (semver) Unaffected: 6.18.20 , ≤ 6.18.* (semver) Unaffected: 6.19.10 , ≤ 6.19.* (semver) Unaffected: 7.0 , ≤ * (original_commit_for_fix) |
|
| Red Hat | Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION) |
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION) |
cpe:/o:redhat:rhel_els:6 |
|
| Red Hat | Red Hat Enterprise Linux Server (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux for Real Time (v. 7 ELS) |
cpe:/a:redhat:rhel_extras_rt_els:7 |
|
| Red Hat | Red Hat Enterprise Linux Server Optional (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 8) |
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.4) |
cpe:/o:redhat:rhel_aus:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) |
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.6) |
cpe:/o:redhat:rhel_aus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.6) |
cpe:/o:redhat:rhel_e4s:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.6) |
cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.8) |
cpe:/o:redhat:rhel_e4s:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.8) |
cpe:/o:redhat:rhel_tus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.0) |
cpe:/o:redhat:rhel_e4s:9.0::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.2) |
cpe:/o:redhat:rhel_e4s:9.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.4) |
cpe:/o:redhat:rhel_e4s:9.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v.9.4) |
cpe:/o:redhat:rhel_eus:9.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v.9.6) |
cpe:/o:redhat:rhel_eus:9.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 9) |
cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux CRB (v. 8) |
cpe:/a:redhat:enterprise_linux:8::crb |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::crb |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux NFV (v. 8) |
cpe:/a:redhat:enterprise_linux:8::nfv |
|
| Red Hat | Red Hat Enterprise Linux NFV E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time for NFV (v. 9) |
cpe:/a:redhat:enterprise_linux:9::nfv |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux Real Time (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux RT (v. 8) |
cpe:/a:redhat:enterprise_linux:8::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time E4S (v.9.0) |
cpe:/a:redhat:rhel_e4s:9.0::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time E4S (v.9.2) |
cpe:/a:redhat:rhel_e4s:9.2::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::realtime |
|
| Red Hat | Red Hat Enterprise Linux Real Time (v. 9) |
cpe:/a:redhat:enterprise_linux:9::realtime |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:6"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_extras_rt_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux for Real Time (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server Optional (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CRB (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux RT (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s NFSv4.0 server (nfsd). A remote, unauthenticated attacker can exploit this heap overflow vulnerability in the NFSv4.0 LOCK replay cache. By using two cooperating NFSv4.0 clients, where one sets a lock with a large owner string and another requests a conflicting lock, the attacker can trigger a slab-out-of-bounds write. This corruption of adjacent heap memory could lead to arbitrary code execution or a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T12:05:51.932Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-31402"
},
{
"name": "RHBZ#2454844",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454844"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31402.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14823"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14925"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14869"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15883"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13566"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19569"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13936"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13734"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10108"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11313"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13565"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13577"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36530"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14165"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13664"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13681"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36531"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36533"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13578"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14137"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14301"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:14823: Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION), Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)"
},
{
"lang": "en",
"value": "RHSA-2026:14925: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:14869: Red Hat Enterprise Linux for Real Time (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:15883: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:13566: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19569: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:13936: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:13734: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:10108: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:11313: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:13565: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19568: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:13577: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:36530: Red Hat Enterprise Linux BaseOS (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:14165: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:13664: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:13681: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:36531: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:36532: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:36533: Red Hat Enterprise Linux BaseOS E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:36534: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:13578: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:14137: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:14301: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-03T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-03T00:00:00.000Z",
"value": "Made public."
}
],
"title": "kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4xdr.c",
"fs/nfsd/state.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f9fcb4441f6c02bb20c2eb340101e27dfe23607c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "2665887a69437a8a4f552f69509eecfb73d4aa19",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c9452c0797c95cf2378170df96cf4f4b3bca7eff",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "8afb437ea1f70cacb4bbdf11771fb5c4d720b965",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0f0e2a54a31a7f9ad2915db99156114872317388",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ae8498337dfdfda71bdd0b807c9a23a126011d76",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "5133b61aaf437e5f25b1b396b14242a6bb0508e2",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4xdr.c",
"fs/nfsd/state.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.20",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.253",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.210",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.78",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.20",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.10",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-19T11:57:38.623Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f9fcb4441f6c02bb20c2eb340101e27dfe23607c"
},
{
"url": "https://git.kernel.org/stable/c/2665887a69437a8a4f552f69509eecfb73d4aa19"
},
{
"url": "https://git.kernel.org/stable/c/c9452c0797c95cf2378170df96cf4f4b3bca7eff"
},
{
"url": "https://git.kernel.org/stable/c/8afb437ea1f70cacb4bbdf11771fb5c4d720b965"
},
{
"url": "https://git.kernel.org/stable/c/dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0"
},
{
"url": "https://git.kernel.org/stable/c/0f0e2a54a31a7f9ad2915db99156114872317388"
},
{
"url": "https://git.kernel.org/stable/c/ae8498337dfdfda71bdd0b807c9a23a126011d76"
},
{
"url": "https://git.kernel.org/stable/c/5133b61aaf437e5f25b1b396b14242a6bb0508e2"
}
],
"title": "nfsd: fix heap overflow in NFSv4.0 LOCK replay cache",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31402",
"datePublished": "2026-04-03T15:16:05.724Z",
"dateReserved": "2026-03-09T15:48:24.086Z",
"dateUpdated": "2026-07-08T12:05:51.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-31402",
"date": "2026-07-10",
"epss": "0.0049",
"percentile": "0.38687"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31402\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-04-03T16:16:39.283\",\"lastModified\":\"2026-07-08T13:16:34.250\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\\n\\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\\nThis size was calculated based on OPEN responses and does not account\\nfor LOCK denied responses, which include the conflicting lock owner as\\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\\n\\nWhen a LOCK operation is denied due to a conflict with an existing lock\\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\\nwith no bounds check. This results in a slab-out-of-bounds write of up\\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\\n\\nThis can be triggered remotely by an unauthenticated attacker with two\\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\\nthen the other requests a conflicting lock to provoke the denial.\\n\\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\\nopaque, but that would increase the size of every stateowner, when most\\nlockowners are not that large.\\n\\nInstead, fix this by checking the encoded response length against\\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\\nresponse is too large, set rp_buflen to 0 to skip caching the replay\\npayload. The status is still cached, and the client already received the\\ncorrect response on the original request.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"fs/nfsd/nfs4xdr.c\",\"fs/nfsd/state.h\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"f9fcb4441f6c02bb20c2eb340101e27dfe23607c\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"2665887a69437a8a4f552f69509eecfb73d4aa19\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"c9452c0797c95cf2378170df96cf4f4b3bca7eff\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"8afb437ea1f70cacb4bbdf11771fb5c4d720b965\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"0f0e2a54a31a7f9ad2915db99156114872317388\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"ae8498337dfdfda71bdd0b807c9a23a126011d76\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1da177e4c3f41524e886b7f1b8a0c1fc7321cac2\",\"lessThan\":\"5133b61aaf437e5f25b1b396b14242a6bb0508e2\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"fs/nfsd/nfs4xdr.c\",\"fs/nfsd/state.h\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"2.6.12\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"2.6.12\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.253\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.210\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.167\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.130\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.78\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.20\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.19.10\",\"lessThanOrEqual\":\"6.19.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server -EXTENSION(v. 6 ELS-EXTENSION)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server Optional -EXTENSION (v. 6 ELS -EXTENSION)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux for Real Time (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_extras_rt_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server Optional (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS AUS (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_aus:8.4::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_aus:8.6::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS E4S (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:8.6::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS TUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_tus:8.6::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS E4S (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:8.8::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS TUS (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_tus:8.8::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS E4S (v.9.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:9.0::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:9.2::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS E4S (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_e4s:9.4::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_eus:9.4::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_eus:9.6::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux BaseOS (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9::baseos\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CRB (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time for NFV (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux NFV (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::nfv\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux NFV E4S (v.9.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.0::nfv\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::nfv\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::nfv\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::nfv\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time for NFV (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::nfv\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux RT (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::realtime\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time E4S (v.9.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.0::realtime\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::realtime\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::realtime\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::realtime\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Real Time (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::realtime\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.12.1\",\"versionEndExcluding\":\"5.10.253\",\"matchCriteriaId\":\"5F0E43E1-33E5-4828-9B4A-F710AF2E7217\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"6.1.167\",\"matchCriteriaId\":\"56D62904-7C85-4BED-9EC0-3982B880F72D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.130\",\"matchCriteriaId\":\"C57BB918-DF28-46B3-94F7-144176841267\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.78\",\"matchCriteriaId\":\"28D591F5-B196-4CC9-905C-DC80F116E7A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.20\",\"matchCriteriaId\":\"E5571059-6552-48E7-9BEF-3E358C387171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"6.19.10\",\"matchCriteriaId\":\"96D34333-38BE-4414-9E79-6EB764329581\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F62EECE-8FB1-4D57-85D8-CB9E23CF313C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F76C298-81DC-43E4-8FC9-DC005A2116EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AB349B2-3F78-4197-882B-90ADB3BF645A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AC88830-A9BC-4607-B572-A4B502FC9FD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"476CB3A5-D022-4F13-AAEF-CB6A5785516A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F253B622-8837-4245-BCE5-A7BF8FC76A16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F666C8D8-6538-46D4-B318-87610DE64C34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"02259FDA-961B-47BC-AE7F-93D7EC6E90C2\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0f0e2a54a31a7f9ad2915db99156114872317388\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2665887a69437a8a4f552f69509eecfb73d4aa19\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/5133b61aaf437e5f25b1b396b14242a6bb0508e2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/8afb437ea1f70cacb4bbdf11771fb5c4d720b965\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ae8498337dfdfda71bdd0b807c9a23a126011d76\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c9452c0797c95cf2378170df96cf4f4b3bca7eff\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/dad0c3c0a8e5d1d6eb0fc455694ce3e25e6c57d0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f9fcb4441f6c02bb20c2eb340101e27dfe23607c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10108\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11313\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13565\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13566\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13577\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13578\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13664\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13681\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13734\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13936\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14137\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14165\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14301\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14823\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14869\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14925\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15883\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19569\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36530\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36531\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36532\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36533\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36534\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-31402\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2454844\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31402.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-08T05:25:47+00:00",
"cve": "CVE-2026-31402",
"id": "CVE-2026-31402",
"initial_release_date": "2026-04-03T00:00:00+00:00",
"product_status:fixed": "3227",
"product_status:known_affected": "22",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31402.json",
"version": "3"
}
}
}
SUSE-SU-2026:22491-1
Vulnerability from csaf_suse - Published: 2026-06-24 09:59 - Updated: 2026-06-24 09:59Summary
Security update for the Linux Kernel RT (Live Patch 23 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 23 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-46.1 fixes various security issues
The following security issues were fixed:
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.1-kernel-481
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
35 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 23 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-46.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-481",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22491-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22491-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622491-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22491-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047915.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 23 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-24T09:59:05Z",
"generator": {
"date": "2026-06-24T09:59:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22491-1",
"initial_release_date": "2026-06-24T09:59:05Z",
"revision_history": [
{
"date": "2026-06-24T09:59:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-46-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
SUSE-SU-2026:22507-1
Vulnerability from csaf_suse - Published: 2026-06-29 07:43 - Updated: 2026-06-29 07:43Summary
Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues
The following security issues were fixed:
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLES-16.0-1101
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
45 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.12.0-160000.26.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1101",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22507-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22507-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622507-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22507-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048003.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260907",
"url": "https://bugzilla.suse.com/1260907"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263108",
"url": "https://bugzilla.suse.com/1263108"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31554 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 16)",
"tracking": {
"current_release_date": "2026-06-29T07:43:48Z",
"generator": {
"date": "2026-06-29T07:43:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22507-1",
"initial_release_date": "2026-06-29T07:43:48Z",
"revision_history": [
{
"date": "2026-06-29T07:43:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"product_id": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"product": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"product_id": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"product_id": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x"
},
"product_reference": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x"
},
"product_reference": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23278",
"url": "https://www.suse.com/security/cve/CVE-2026-23278"
},
{
"category": "external",
"summary": "SUSE Bug 1259998 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "external",
"summary": "SUSE Bug 1260907 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1260907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2026-23278"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Require sys_futex_requeue() to have identical flags\n\nNicholas reported that his LLM found it was possible to create a UaF\nwhen sys_futex_requeue() is used with different flags. The initial\nmotivation for allowing different flags was the variable sized futex,\nbut since that hasn\u0027t been merged (yet), simply mandate the flags are\nidentical, as is the case for the old style sys_futex() requeue\noperations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31554",
"url": "https://www.suse.com/security/cve/CVE-2026-31554"
},
{
"category": "external",
"summary": "SUSE Bug 1263107 for CVE-2026-31554",
"url": "https://bugzilla.suse.com/1263107"
},
{
"category": "external",
"summary": "SUSE Bug 1263108 for CVE-2026-31554",
"url": "https://bugzilla.suse.com/1263108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2026-31554"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_26-default-7-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T07:43:48Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
SUSE-SU-2026:22508-1
Vulnerability from csaf_suse - Published: 2026-06-29 15:48 - Updated: 2026-06-29 15:48Summary
Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 16)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 16)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.32.1 fixes various security issues
The following security issues were fixed:
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLES-16.0-1107
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 16)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.12.0-160000.32.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1107",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22508-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22508-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622508-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22508-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048002.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263108",
"url": "https://bugzilla.suse.com/1263108"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31554 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise 16)",
"tracking": {
"current_release_date": "2026-06-29T15:48:52Z",
"generator": {
"date": "2026-06-29T15:48:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22508-1",
"initial_release_date": "2026-06-29T15:48:52Z",
"revision_history": [
{
"date": "2026-06-29T15:48:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"product_id": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"product": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"product_id": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"product_id": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x"
},
"product_reference": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x"
},
"product_reference": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:48:52Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:48:52Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Require sys_futex_requeue() to have identical flags\n\nNicholas reported that his LLM found it was possible to create a UaF\nwhen sys_futex_requeue() is used with different flags. The initial\nmotivation for allowing different flags was the variable sized futex,\nbut since that hasn\u0027t been merged (yet), simply mandate the flags are\nidentical, as is the case for the old style sys_futex() requeue\noperations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31554",
"url": "https://www.suse.com/security/cve/CVE-2026-31554"
},
{
"category": "external",
"summary": "SUSE Bug 1263107 for CVE-2026-31554",
"url": "https://bugzilla.suse.com/1263107"
},
{
"category": "external",
"summary": "SUSE Bug 1263108 for CVE-2026-31554",
"url": "https://bugzilla.suse.com/1263108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:48:52Z",
"details": "important"
}
],
"title": "CVE-2026-31554"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:48:52Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:48:52Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_32-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:48:52Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
SUSE-SU-2026:22509-1
Vulnerability from csaf_suse - Published: 2026-06-29 15:50 - Updated: 2026-06-29 15:50Summary
Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 16)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 16)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.30.1 fixes various security issues
The following security issues were fixed:
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLES-16.0-1106
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
40 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 16)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.12.0-160000.30.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263108).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-1106",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22509-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22509-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622509-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22509-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/048001.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263108",
"url": "https://bugzilla.suse.com/1263108"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31554 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31554/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise 16)",
"tracking": {
"current_release_date": "2026-06-29T15:50:57Z",
"generator": {
"date": "2026-06-29T15:50:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22509-1",
"initial_release_date": "2026-06-29T15:50:57Z",
"revision_history": [
{
"date": "2026-06-29T15:50:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"product": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"product_id": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"product": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"product_id": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"product_id": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x"
},
"product_reference": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le"
},
"product_reference": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x"
},
"product_reference": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:50:57Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:50:57Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31554"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfutex: Require sys_futex_requeue() to have identical flags\n\nNicholas reported that his LLM found it was possible to create a UaF\nwhen sys_futex_requeue() is used with different flags. The initial\nmotivation for allowing different flags was the variable sized futex,\nbut since that hasn\u0027t been merged (yet), simply mandate the flags are\nidentical, as is the case for the old style sys_futex() requeue\noperations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31554",
"url": "https://www.suse.com/security/cve/CVE-2026-31554"
},
{
"category": "external",
"summary": "SUSE Bug 1263107 for CVE-2026-31554",
"url": "https://bugzilla.suse.com/1263107"
},
{
"category": "external",
"summary": "SUSE Bug 1263108 for CVE-2026-31554",
"url": "https://bugzilla.suse.com/1263108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:50:57Z",
"details": "important"
}
],
"title": "CVE-2026-31554"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:50:57Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:50:57Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:kernel-livepatch-6_12_0-160000_30-default-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-29T15:50:57Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
SUSE-SU-2026:2317-1
Vulnerability from csaf_suse - Published: 2026-06-09 13:20 - Updated: 2026-06-09 13:20Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2026-23271: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261638).
- CVE-2026-31607: usbip: validate number_of_packets in usbip_pack_ret_submit() (bsc#1263600).
- CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263668).
- CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
- CVE-2026-43126: ALSA: mixer: oss: Add card disconnect checkpoints (bsc#1264634).
- CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264848).
- CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (bsc#1265126).
- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
Patchnames: SUSE-2026-2317,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-2317
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.2 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
52 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-23271: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261638).\n- CVE-2026-31607: usbip: validate number_of_packets in usbip_pack_ret_submit() (bsc#1263600).\n- CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263668).\n- CVE-2026-43037: ip6_tunnel: clear skb2-\u003ecb in ip4ip6_err() (bsc#1263995).\n- CVE-2026-43126: ALSA: mixer: oss: Add card disconnect checkpoints (bsc#1264634).\n- CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264848).\n- CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (bsc#1265126).\n- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2317,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-2317",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2317-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2317-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262317-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2317-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047220.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260018",
"url": "https://bugzilla.suse.com/1260018"
},
{
"category": "self",
"summary": "SUSE Bug 1261638",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "self",
"summary": "SUSE Bug 1263600",
"url": "https://bugzilla.suse.com/1263600"
},
{
"category": "self",
"summary": "SUSE Bug 1263668",
"url": "https://bugzilla.suse.com/1263668"
},
{
"category": "self",
"summary": "SUSE Bug 1263995",
"url": "https://bugzilla.suse.com/1263995"
},
{
"category": "self",
"summary": "SUSE Bug 1264634",
"url": "https://bugzilla.suse.com/1264634"
},
{
"category": "self",
"summary": "SUSE Bug 1264848",
"url": "https://bugzilla.suse.com/1264848"
},
{
"category": "self",
"summary": "SUSE Bug 1265126",
"url": "https://bugzilla.suse.com/1265126"
},
{
"category": "self",
"summary": "SUSE Bug 1266001",
"url": "https://bugzilla.suse.com/1266001"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23271 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31607 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31685 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43037 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43126 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43126/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43190 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43437 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43499 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46243/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-06-09T13:20:53Z",
"generator": {
"date": "2026-06-09T13:20:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2317-1",
"initial_release_date": "2026-06-09T13:20:53Z",
"revision_history": [
{
"date": "2026-06-09T13:20:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-debug-3.0.101-108.210.1.i586",
"product_id": "kernel-debug-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-debug-base-3.0.101-108.210.1.i586",
"product_id": "kernel-debug-base-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-debug-devel-3.0.101-108.210.1.i586",
"product_id": "kernel-debug-devel-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-debug-extra-3.0.101-108.210.1.i586",
"product_id": "kernel-debug-extra-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-debug-hmac-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-debug-hmac-3.0.101-108.210.1.i586",
"product_id": "kernel-debug-hmac-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-default-3.0.101-108.210.1.i586",
"product_id": "kernel-default-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-base-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-default-base-3.0.101-108.210.1.i586",
"product_id": "kernel-default-base-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-default-devel-3.0.101-108.210.1.i586",
"product_id": "kernel-default-devel-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-default-extra-3.0.101-108.210.1.i586",
"product_id": "kernel-default-extra-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-default-hmac-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-default-hmac-3.0.101-108.210.1.i586",
"product_id": "kernel-default-hmac-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-ec2-3.0.101-108.210.1.i586",
"product_id": "kernel-ec2-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-base-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-ec2-base-3.0.101-108.210.1.i586",
"product_id": "kernel-ec2-base-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-devel-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-ec2-devel-3.0.101-108.210.1.i586",
"product_id": "kernel-ec2-devel-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-extra-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-ec2-extra-3.0.101-108.210.1.i586",
"product_id": "kernel-ec2-extra-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-ec2-hmac-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-ec2-hmac-3.0.101-108.210.1.i586",
"product_id": "kernel-ec2-hmac-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-pae-3.0.101-108.210.1.i586",
"product_id": "kernel-pae-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-base-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-pae-base-3.0.101-108.210.1.i586",
"product_id": "kernel-pae-base-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-devel-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-pae-devel-3.0.101-108.210.1.i586",
"product_id": "kernel-pae-devel-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-extra-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-pae-extra-3.0.101-108.210.1.i586",
"product_id": "kernel-pae-extra-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-pae-hmac-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-pae-hmac-3.0.101-108.210.1.i586",
"product_id": "kernel-pae-hmac-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-source-3.0.101-108.210.1.i586",
"product_id": "kernel-source-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.210.1.i586",
"product_id": "kernel-source-vanilla-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-syms-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-syms-3.0.101-108.210.1.i586",
"product_id": "kernel-syms-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-trace-3.0.101-108.210.1.i586",
"product_id": "kernel-trace-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-base-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-trace-base-3.0.101-108.210.1.i586",
"product_id": "kernel-trace-base-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-devel-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-trace-devel-3.0.101-108.210.1.i586",
"product_id": "kernel-trace-devel-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-extra-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-trace-extra-3.0.101-108.210.1.i586",
"product_id": "kernel-trace-extra-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-trace-hmac-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-trace-hmac-3.0.101-108.210.1.i586",
"product_id": "kernel-trace-hmac-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-vanilla-3.0.101-108.210.1.i586",
"product_id": "kernel-vanilla-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-vanilla-base-3.0.101-108.210.1.i586",
"product_id": "kernel-vanilla-base-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-vanilla-devel-3.0.101-108.210.1.i586",
"product_id": "kernel-vanilla-devel-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-hmac-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-vanilla-hmac-3.0.101-108.210.1.i586",
"product_id": "kernel-vanilla-hmac-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-xen-3.0.101-108.210.1.i586",
"product_id": "kernel-xen-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-base-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-xen-base-3.0.101-108.210.1.i586",
"product_id": "kernel-xen-base-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-devel-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-xen-devel-3.0.101-108.210.1.i586",
"product_id": "kernel-xen-devel-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-extra-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-xen-extra-3.0.101-108.210.1.i586",
"product_id": "kernel-xen-extra-3.0.101-108.210.1.i586"
}
},
{
"category": "product_version",
"name": "kernel-xen-hmac-3.0.101-108.210.1.i586",
"product": {
"name": "kernel-xen-hmac-3.0.101-108.210.1.i586",
"product_id": "kernel-xen-hmac-3.0.101-108.210.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.210.1.ia64",
"product": {
"name": "kernel-source-3.0.101-108.210.1.ia64",
"product_id": "kernel-source-3.0.101-108.210.1.ia64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.210.1.ia64",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.210.1.ia64",
"product_id": "kernel-source-vanilla-3.0.101-108.210.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-docs-3.0.101-108.210.1.noarch",
"product": {
"name": "kernel-docs-3.0.101-108.210.1.noarch",
"product_id": "kernel-docs-3.0.101-108.210.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.210.1.ppc64",
"product": {
"name": "kernel-source-3.0.101-108.210.1.ppc64",
"product_id": "kernel-source-3.0.101-108.210.1.ppc64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.210.1.ppc64",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.210.1.ppc64",
"product_id": "kernel-source-vanilla-3.0.101-108.210.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.210.1.s390",
"product": {
"name": "kernel-source-3.0.101-108.210.1.s390",
"product_id": "kernel-source-3.0.101-108.210.1.s390"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.210.1.s390",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.210.1.s390",
"product_id": "kernel-source-vanilla-3.0.101-108.210.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.210.1.s390x",
"product": {
"name": "kernel-source-3.0.101-108.210.1.s390x",
"product_id": "kernel-source-3.0.101-108.210.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.210.1.s390x",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.210.1.s390x",
"product_id": "kernel-source-vanilla-3.0.101-108.210.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-debug-3.0.101-108.210.1.x86_64",
"product_id": "kernel-debug-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-debug-base-3.0.101-108.210.1.x86_64",
"product_id": "kernel-debug-base-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-debug-devel-3.0.101-108.210.1.x86_64",
"product_id": "kernel-debug-devel-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-debug-extra-3.0.101-108.210.1.x86_64",
"product_id": "kernel-debug-extra-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-hmac-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-debug-hmac-3.0.101-108.210.1.x86_64",
"product_id": "kernel-debug-hmac-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-default-3.0.101-108.210.1.x86_64",
"product_id": "kernel-default-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-default-base-3.0.101-108.210.1.x86_64",
"product_id": "kernel-default-base-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-default-devel-3.0.101-108.210.1.x86_64",
"product_id": "kernel-default-devel-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-default-extra-3.0.101-108.210.1.x86_64",
"product_id": "kernel-default-extra-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-hmac-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-default-hmac-3.0.101-108.210.1.x86_64",
"product_id": "kernel-default-hmac-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-ec2-3.0.101-108.210.1.x86_64",
"product_id": "kernel-ec2-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-base-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-ec2-base-3.0.101-108.210.1.x86_64",
"product_id": "kernel-ec2-base-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"product_id": "kernel-ec2-devel-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-extra-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-ec2-extra-3.0.101-108.210.1.x86_64",
"product_id": "kernel-ec2-extra-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-hmac-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-ec2-hmac-3.0.101-108.210.1.x86_64",
"product_id": "kernel-ec2-hmac-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-source-3.0.101-108.210.1.x86_64",
"product_id": "kernel-source-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-source-vanilla-3.0.101-108.210.1.x86_64",
"product_id": "kernel-source-vanilla-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-syms-3.0.101-108.210.1.x86_64",
"product_id": "kernel-syms-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-trace-3.0.101-108.210.1.x86_64",
"product_id": "kernel-trace-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-base-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-trace-base-3.0.101-108.210.1.x86_64",
"product_id": "kernel-trace-base-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-devel-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-trace-devel-3.0.101-108.210.1.x86_64",
"product_id": "kernel-trace-devel-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-extra-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-trace-extra-3.0.101-108.210.1.x86_64",
"product_id": "kernel-trace-extra-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-trace-hmac-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-trace-hmac-3.0.101-108.210.1.x86_64",
"product_id": "kernel-trace-hmac-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-vanilla-3.0.101-108.210.1.x86_64",
"product_id": "kernel-vanilla-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-vanilla-base-3.0.101-108.210.1.x86_64",
"product_id": "kernel-vanilla-base-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-3.0.101-108.210.1.x86_64",
"product_id": "kernel-vanilla-devel-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-hmac-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-vanilla-hmac-3.0.101-108.210.1.x86_64",
"product_id": "kernel-vanilla-hmac-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-xen-3.0.101-108.210.1.x86_64",
"product_id": "kernel-xen-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-base-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-xen-base-3.0.101-108.210.1.x86_64",
"product_id": "kernel-xen-base-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-devel-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-xen-devel-3.0.101-108.210.1.x86_64",
"product_id": "kernel-xen-devel-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-extra-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-xen-extra-3.0.101-108.210.1.x86_64",
"product_id": "kernel-xen-extra-3.0.101-108.210.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-hmac-3.0.101-108.210.1.x86_64",
"product": {
"name": "kernel-xen-hmac-3.0.101-108.210.1.x86_64",
"product_id": "kernel-xen-hmac-3.0.101-108.210.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_sles_ltss-extreme-core:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-default-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-default-base-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-default-devel-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-3.0.101-108.210.1.noarch as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch"
},
"product_reference": "kernel-docs-3.0.101-108.210.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-ec2-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-base-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-ec2-base-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-devel-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-source-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-syms-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-trace-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-trace-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-trace-base-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-trace-base-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-trace-devel-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-trace-devel-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-xen-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-base-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-xen-base-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-devel-3.0.101-108.210.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE",
"product_id": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
},
"product_reference": "kernel-xen-devel-3.0.101-108.210.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23271"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix __perf_event_overflow() vs perf_remove_from_context() race\n\nMake sure that __perf_event_overflow() runs with IRQs disabled for all\npossible callchains. Specifically the software events can end up running\nit with only preemption disabled.\n\nThis opens up a race vs perf_event_exit_event() and friends that will go\nand free various things the overflow path expects to be present, like\nthe BPF program.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23271",
"url": "https://www.suse.com/security/cve/CVE-2026-23271"
},
{
"category": "external",
"summary": "SUSE Bug 1260018 for CVE-2026-23271",
"url": "https://bugzilla.suse.com/1260018"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-23271"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31607"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbip: validate number_of_packets in usbip_pack_ret_submit()\n\nWhen a USB/IP client receives a RET_SUBMIT response,\nusbip_pack_ret_submit() unconditionally overwrites\nurb-\u003enumber_of_packets from the network PDU. This value is\nsubsequently used as the loop bound in usbip_recv_iso() and\nusbip_pad_iso() to iterate over urb-\u003eiso_frame_desc[], a flexible\narray whose size was fixed at URB allocation time based on the\n*original* number_of_packets from the CMD_SUBMIT.\n\nA malicious USB/IP server can set number_of_packets in the response\nto a value larger than what was originally submitted, causing a heap\nout-of-bounds write when usbip_recv_iso() writes to\nurb-\u003eiso_frame_desc[i] beyond the allocated region.\n\nKASAN confirmed this with kernel 7.0.0-rc5:\n\n BUG: KASAN: slab-out-of-bounds in usbip_recv_iso+0x46a/0x640\n Write of size 4 at addr ffff888106351d40 by task vhci_rx/69\n\n The buggy address is located 0 bytes to the right of\n allocated 320-byte region [ffff888106351c00, ffff888106351d40)\n\nThe server side (stub_rx.c) and gadget side (vudc_rx.c) already\nvalidate number_of_packets in the CMD_SUBMIT path since commits\nc6688ef9f297 (\"usbip: fix stub_rx: harden CMD_SUBMIT path to handle\nmalicious input\") and b78d830f0049 (\"usbip: fix vudc_rx: harden\nCMD_SUBMIT path to handle malicious input\"). The server side validates\nagainst USBIP_MAX_ISO_PACKETS because no URB exists yet at that point.\nOn the client side we have the original URB, so we can use the tighter\nbound: the response must not exceed the original number_of_packets.\n\nThis mirrors the existing validation of actual_length against\ntransfer_buffer_length in usbip_recv_xbuff(), which checks the\nresponse value against the original allocation size.\n\nKelvin Mbogo\u0027s series (\"usb: usbip: fix integer overflow in\nusbip_recv_iso()\", v2) hardens the receive-side functions themselves;\nthis patch complements that work by catching the bad value at its\nsource -- in usbip_pack_ret_submit() before the overwrite -- and\nusing the tighter per-URB allocation bound rather than the global\nUSBIP_MAX_ISO_PACKETS limit.\n\nFix this by checking rpdu-\u003enumber_of_packets against\nurb-\u003enumber_of_packets in usbip_pack_ret_submit() before the\noverwrite. On violation, clamp to zero so that usbip_recv_iso() and\nusbip_pad_iso() safely return early.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31607",
"url": "https://www.suse.com/security/cve/CVE-2026-31607"
},
{
"category": "external",
"summary": "SUSE Bug 1263600 for CVE-2026-31607",
"url": "https://bugzilla.suse.com/1263600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "moderate"
}
],
"title": "CVE-2026-31607"
},
{
"cve": "CVE-2026-31685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31685"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ip6t_eui64: reject invalid MAC header for all packets\n\n`eui64_mt6()` derives a modified EUI-64 from the Ethernet source address\nand compares it with the low 64 bits of the IPv6 source address.\n\nThe existing guard only rejects an invalid MAC header when\n`par-\u003efragoff != 0`. For packets with `par-\u003efragoff == 0`, `eui64_mt6()`\ncan still reach `eth_hdr(skb)` even when the MAC header is not valid.\n\nFix this by removing the `par-\u003efragoff != 0` condition so that packets\nwith an invalid MAC header are rejected before accessing `eth_hdr(skb)`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31685",
"url": "https://www.suse.com/security/cve/CVE-2026-31685"
},
{
"category": "external",
"summary": "SUSE Bug 1263668 for CVE-2026-31685",
"url": "https://bugzilla.suse.com/1263668"
},
{
"category": "external",
"summary": "SUSE Bug 1263670 for CVE-2026-31685",
"url": "https://bugzilla.suse.com/1263670"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "important"
}
],
"title": "CVE-2026-31685"
},
{
"cve": "CVE-2026-43037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: clear skb2-\u003ecb[] in ip4ip6_err()\n\nOskar Kjos reported the following problem.\n\nip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written\nby the IPv6 receive path as struct inet6_skb_parm. icmp_send() passes\nIPCB(skb2) to __ip_options_echo(), which interprets that cb[] region\nas struct inet_skb_parm (IPv4). The layouts differ: inet6_skb_parm.nhoff\nat offset 14 overlaps inet_skb_parm.opt.rr, producing a non-zero rr\nvalue. __ip_options_echo() then reads optlen from attacker-controlled\npacket data at sptr[rr+1] and copies that many bytes into dopt-\u003e__data,\na fixed 40-byte stack buffer (IP_OPTIONS_DATA_FIXED_SIZE).\n\nTo fix this we clear skb2-\u003ecb[], as suggested by Oskar Kjos.\n\nAlso add minimal IPv4 header validation (version == 4, ihl \u003e= 5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43037",
"url": "https://www.suse.com/security/cve/CVE-2026-43037"
},
{
"category": "external",
"summary": "SUSE Bug 1263995 for CVE-2026-43037",
"url": "https://bugzilla.suse.com/1263995"
},
{
"category": "external",
"summary": "SUSE Bug 1265197 for CVE-2026-43037",
"url": "https://bugzilla.suse.com/1265197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "important"
}
],
"title": "CVE-2026-43037"
},
{
"cve": "CVE-2026-43126",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43126"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: mixer: oss: Add card disconnect checkpoints\n\nALSA OSS mixer layer calls the kcontrol ops rather individually, and\npending calls might be not always caught at disconnecting the device.\n\nFor avoiding the potential UAF scenarios, add sanity checks of the\ncard disconnection at each entry point of OSS mixer accesses. The\nrwsem is taken just before that check, hence the rest context should\nbe covered by that properly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43126",
"url": "https://www.suse.com/security/cve/CVE-2026-43126"
},
{
"category": "external",
"summary": "SUSE Bug 1264634 for CVE-2026-43126",
"url": "https://bugzilla.suse.com/1264634"
},
{
"category": "external",
"summary": "SUSE Bug 1264636 for CVE-2026-43126",
"url": "https://bugzilla.suse.com/1264636"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "important"
}
],
"title": "CVE-2026-43126"
},
{
"cve": "CVE-2026-43190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43190"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_tcpmss: check remaining length before reading optlen\n\nQuoting reporter:\n In net/netfilter/xt_tcpmss.c (lines 53-68), the TCP option parser reads\n op[i+1] directly without validating the remaining option length.\n\n If the last byte of the option field is not EOL/NOP (0/1), the code attempts\n to index op[i+1]. In the case where i + 1 == optlen, this causes an\n out-of-bounds read, accessing memory past the optlen boundary\n (either reading beyond the stack buffer _opt or the\n following payload).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43190",
"url": "https://www.suse.com/security/cve/CVE-2026-43190"
},
{
"category": "external",
"summary": "SUSE Bug 1264848 for CVE-2026-43190",
"url": "https://bugzilla.suse.com/1264848"
},
{
"category": "external",
"summary": "SUSE Bug 1264849 for CVE-2026-43190",
"url": "https://bugzilla.suse.com/1264849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "important"
}
],
"title": "CVE-2026-43190"
},
{
"cve": "CVE-2026-43437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43437"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain()\n\nIn the drain loop, the local variable \u0027runtime\u0027 is reassigned to a\nlinked stream\u0027s runtime (runtime = s-\u003eruntime at line 2157). After\nreleasing the stream lock at line 2169, the code accesses\nruntime-\u003eno_period_wakeup, runtime-\u003erate, and runtime-\u003ebuffer_size\n(lines 2170-2178) - all referencing the linked stream\u0027s runtime without\nany lock or refcount protecting its lifetime.\n\nA concurrent close() on the linked stream\u0027s fd triggers\nsnd_pcm_release_substream() -\u003e snd_pcm_drop() -\u003e pcm_release_private()\n-\u003e snd_pcm_unlink() -\u003e snd_pcm_detach_substream() -\u003e kfree(runtime).\nNo synchronization prevents kfree(runtime) from completing while the\ndrain path dereferences the stale pointer.\n\nFix by caching the needed runtime fields (no_period_wakeup, rate,\nbuffer_size) into local variables while still holding the stream lock,\nand using the cached values after the lock is released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43437",
"url": "https://www.suse.com/security/cve/CVE-2026-43437"
},
{
"category": "external",
"summary": "SUSE Bug 1265126 for CVE-2026-43437",
"url": "https://bugzilla.suse.com/1265126"
},
{
"category": "external",
"summary": "SUSE Bug 1265127 for CVE-2026-43437",
"url": "https://bugzilla.suse.com/1265127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "important"
}
],
"title": "CVE-2026-43437"
},
{
"cve": "CVE-2026-43499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Use waiter::task instead of current in remove_waiter()\n\nremove_waiter() is used by the slowlock paths, but it is also used for\nproxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from\nfutex_requeue().\n\nIn the latter case waiter::task is not current, but remove_waiter()\noperates on current for the dequeue operation. That results in several\nproblems:\n\n 1) the rbtree dequeue happens without waiter::task::pi_lock being held\n\n 2) the waiter task\u0027s pi_blocked_on state is not cleared, which leaves a\n dangling pointer primed for UAF around.\n\n 3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter\n task\n\nUse waiter::task instead of current in all related operations in\nremove_waiter() to cure those problems.\n\n[ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the\n \tchangelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43499",
"url": "https://www.suse.com/security/cve/CVE-2026-43499"
},
{
"category": "external",
"summary": "SUSE Bug 1266001 for CVE-2026-43499",
"url": "https://bugzilla.suse.com/1266001"
},
{
"category": "external",
"summary": "SUSE Bug 1266014 for CVE-2026-43499",
"url": "https://bugzilla.suse.com/1266014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "important"
}
],
"title": "CVE-2026-43499"
},
{
"cve": "CVE-2026-46243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: reject userspace cifs.spnego descriptions\n\ncifs.spnego key descriptions contain authority-bearing fields such as\npid, uid, creduid, and upcall_target that cifs.upcall treats as\nkernel-originating inputs. However, userspace can also create keys of\nthis type through request_key(2) or add_key(2), allowing those fields to\nbe supplied without CIFS origin.\n\nOnly accept cifs.spnego descriptions while CIFS is using its private\nspnego_cred to request the key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46243",
"url": "https://www.suse.com/security/cve/CVE-2026-46243"
},
{
"category": "external",
"summary": "SUSE Bug 1266238 for CVE-2026-46243",
"url": "https://bugzilla.suse.com/1266238"
},
{
"category": "external",
"summary": "SUSE Bug 1266265 for CVE-2026-46243",
"url": "https://bugzilla.suse.com/1266265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.210.1.noarch",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.210.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.210.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-09T13:20:53Z",
"details": "important"
}
],
"title": "CVE-2026-46243"
}
]
}
SUSE-SU-2026:2494-1
Vulnerability from csaf_suse - Published: 2026-06-22 16:34 - Updated: 2026-06-22 16:34Summary
Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 4.12.14-122.261 fixes various security issues
The following security issues were fixed:
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
Patchnames: SUSE-2026-2494,SUSE-SLE-Live-Patching-12-SP5-2026-2494
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 4.12.14-122.261 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2494,SUSE-SLE-Live-Patching-12-SP5-2026-2494",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2494-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2494-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262494-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2494-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026869.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 69 for SUSE Linux Enterprise 12 SP5)",
"tracking": {
"current_release_date": "2026-06-22T16:34:42Z",
"generator": {
"date": "2026-06-22T16:34:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2494-1",
"initial_release_date": "2026-06-22T16:34:42Z",
"revision_history": [
{
"date": "2026-06-22T16:34:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"product": {
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"product_id": "kgraft-patch-4_12_14-122_261-default-17-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64",
"product_id": "kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x"
},
"product_reference": "kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T16:34:42Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T16:34:42Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T16:34:42Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.s390x",
"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_261-default-17-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T16:34:42Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
SUSE-SU-2026:2496-1
Vulnerability from csaf_suse - Published: 2026-06-22 18:34 - Updated: 2026-06-22 18:34Summary
Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes various security issues
The following security issues were fixed:
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
Patchnames: SUSE-2026-2495,SUSE-2026-2496,SUSE-2026-2499,SUSE-SLE-Module-Live-Patching-15-SP4-2026-2495
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.184 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2495,SUSE-2026-2496,SUSE-2026-2499,SUSE-SLE-Module-Live-Patching-15-SP4-2026-2495",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2496-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2496-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262496-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2496-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026868.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 46 for SUSE Linux Enterprise 15 SP4)",
"tracking": {
"current_release_date": "2026-06-22T18:34:01Z",
"generator": {
"date": "2026-06-22T18:34:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2496-1",
"initial_release_date": "2026-06-22T18:34:01Z",
"revision_history": [
{
"date": "2026-06-22T18:34:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_167-default-20-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_209-default-3-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T18:34:01Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T18:34:01Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T18:34:01Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T18:34:01Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_184-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T18:34:01Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
SUSE-SU-2026:2500-1
Vulnerability from csaf_suse - Published: 2026-06-22 20:04 - Updated: 2026-06-22 20:04Summary
Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.28 fixes various security issues
The following security issues were fixed:
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-2026-2500,SUSE-SLE-Module-Live-Patching-15-SP7-2026-2500
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
37 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.28 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1260907).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2500,SUSE-SLE-Module-Live-Patching-15-SP7-2026-2500",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2500-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2500-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262500-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2500-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047463.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260907",
"url": "https://bugzilla.suse.com/1260907"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)",
"tracking": {
"current_release_date": "2026-06-22T20:04:09Z",
"generator": {
"date": "2026-06-22T20:04:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2500-1",
"initial_release_date": "2026-06-22T20:04:09Z",
"revision_history": [
{
"date": "2026-06-22T20:04:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23278",
"url": "https://www.suse.com/security/cve/CVE-2026-23278"
},
{
"category": "external",
"summary": "SUSE Bug 1259998 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "external",
"summary": "SUSE Bug 1260907 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1260907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:09Z",
"details": "important"
}
],
"title": "CVE-2026-23278"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:09Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:09Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:09Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:09Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_28-rt-8-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:09Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
SUSE-SU-2026:2503-1
Vulnerability from csaf_suse - Published: 2026-06-22 20:04 - Updated: 2026-06-22 20:04Summary
Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.37 fixes various security issues
The following security issues were fixed:
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-2026-2503,SUSE-SLE-Module-Live-Patching-15-SP7-2026-2503
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
32 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.37 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2503,SUSE-SLE-Module-Live-Patching-15-SP7-2026-2503",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2503-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2503-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262503-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2503-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047470.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 11 for SUSE Linux Enterprise 15 SP7)",
"tracking": {
"current_release_date": "2026-06-22T20:04:29Z",
"generator": {
"date": "2026-06-22T20:04:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2503-1",
"initial_release_date": "2026-06-22T20:04:29Z",
"revision_history": [
{
"date": "2026-06-22T20:04:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:29Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:29Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:29Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:29Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-5-150700.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-22T20:04:29Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
SUSE-SU-2026:2511-1
Vulnerability from csaf_suse - Published: 2026-06-23 05:04 - Updated: 2026-06-23 05:04Summary
Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes various security issues
The following security issues were fixed:
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
Patchnames: SUSE-2026-2510,SUSE-2026-2511,SUSE-2026-2512,SUSE-SLE-Module-Live-Patching-15-SP4-2026-2513
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.2 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2510,SUSE-2026-2511,SUSE-2026-2512,SUSE-SLE-Module-Live-Patching-15-SP4-2026-2513",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2511-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2511-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262511-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2511-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047467.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)",
"tracking": {
"current_release_date": "2026-06-23T05:04:25Z",
"generator": {
"date": "2026-06-23T05:04:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2511-1",
"initial_release_date": "2026-06-23T05:04:25Z",
"revision_history": [
{
"date": "2026-06-23T05:04:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"product_id": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"product_id": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_214-default-2-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_197-default-5-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_205-default-4-150400.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64",
"product": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64",
"product_id": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
},
"product_reference": "kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-23T05:04:25Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-23T05:04:25Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-23T05:04:25Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-23T05:04:25Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.s390x",
"SUSE Linux Enterprise Live Patching 15 SP4:kernel-livepatch-5_14_21-150400_24_187-default-9-150400.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-23T05:04:25Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…