SUSE-SU-2026:21521-1
Vulnerability from csaf_suse - Published: 2026-05-05 17:32 - Updated: 2026-05-05 17:32Summary
Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues
The following security issues were fixed:
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).
- CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).
- CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).
- CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).
Patchnames: SUSE-SL-Micro-6.2-689
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.12.0-160000.27.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1259126).\n- CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261845).\n- CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261630).\n- CVE-2026-31431: crypto: algif_aead - Revert to operating out-of-place (bsc#1263689).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-689",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21521-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21521-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621521-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21521-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026005.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259126",
"url": "https://bugzilla.suse.com/1259126"
},
{
"category": "self",
"summary": "SUSE Bug 1261630",
"url": "https://bugzilla.suse.com/1261630"
},
{
"category": "self",
"summary": "SUSE Bug 1261845",
"url": "https://bugzilla.suse.com/1261845"
},
{
"category": "self",
"summary": "SUSE Bug 1263689",
"url": "https://bugzilla.suse.com/1263689"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23204 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23437 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23437/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31406 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31431 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31431/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise 16)",
"tracking": {
"current_release_date": "2026-05-05T17:32:16Z",
"generator": {
"date": "2026-05-05T17:32:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21521-1",
"initial_release_date": "2026-05-05T17:32:16Z",
"revision_history": [
{
"date": "2026-05-05T17:32:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64",
"product_id": "kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23204",
"url": "https://www.suse.com/security/cve/CVE-2026-23204"
},
{
"category": "external",
"summary": "SUSE Bug 1258340 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "external",
"summary": "SUSE Bug 1259126 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1259126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-05T17:32:16Z",
"details": "important"
}
],
"title": "CVE-2026-23204"
},
{
"cve": "CVE-2026-23437",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23437"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: shaper: protect late read accesses to the hierarchy\n\nWe look up a netdev during prep of Netlink ops (pre- callbacks)\nand take a ref to it. Then later in the body of the callback\nwe take its lock or RCU which are the actual protections.\n\nThis is not proper, a conversion from a ref to a locked netdev\nmust include a liveness check (a check if the netdev hasn\u0027t been\nunregistered already). Fix the read cases (those under RCU).\nWrites needs a separate change to protect from creating the\nhierarchy after flush has already run.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23437",
"url": "https://www.suse.com/security/cve/CVE-2026-23437"
},
{
"category": "external",
"summary": "SUSE Bug 1261635 for CVE-2026-23437",
"url": "https://bugzilla.suse.com/1261635"
},
{
"category": "external",
"summary": "SUSE Bug 1261845 for CVE-2026-23437",
"url": "https://bugzilla.suse.com/1261845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-05T17:32:16Z",
"details": "important"
}
],
"title": "CVE-2026-23437"
},
{
"cve": "CVE-2026-31406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31406"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini()\n\nAfter cancel_delayed_work_sync() is called from\nxfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes remaining\nstates via __xfrm_state_delete(), which calls\nxfrm_nat_keepalive_state_updated() to re-schedule nat_keepalive_work.\n\nThe following is a simple race scenario:\n\n cpu0 cpu1\n\ncleanup_net() [Round 1]\n ops_undo_list()\n xfrm_net_exit()\n xfrm_nat_keepalive_net_fini()\n cancel_delayed_work_sync(nat_keepalive_work);\n xfrm_state_fini()\n xfrm_state_flush()\n xfrm_state_delete(x)\n __xfrm_state_delete(x)\n xfrm_nat_keepalive_state_updated(x)\n schedule_delayed_work(nat_keepalive_work);\n rcu_barrier();\n net_complete_free();\n net_passive_dec(net);\n llist_add(\u0026net-\u003edefer_free_list, \u0026defer_free_list);\n\ncleanup_net() [Round 2]\n rcu_barrier();\n net_complete_free()\n kmem_cache_free(net_cachep, net);\n nat_keepalive_work()\n // on freed net\n\nTo prevent this, cancel_delayed_work_sync() is replaced with\ndisable_delayed_work_sync().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31406",
"url": "https://www.suse.com/security/cve/CVE-2026-31406"
},
{
"category": "external",
"summary": "SUSE Bug 1261629 for CVE-2026-31406",
"url": "https://bugzilla.suse.com/1261629"
},
{
"category": "external",
"summary": "SUSE Bug 1261630 for CVE-2026-31406",
"url": "https://bugzilla.suse.com/1261630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-05T17:32:16Z",
"details": "important"
}
],
"title": "CVE-2026-31406"
},
{
"cve": "CVE-2026-31431",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31431"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Revert to operating out-of-place\n\nThis mostly reverts commit 72548b093ee3 except for the copying of\nthe associated data.\n\nThere is no benefit in operating in-place in algif_aead since the\nsource and destination come from different mappings. Get rid of\nall the complexity added for in-place operation and just copy the\nAD directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31431",
"url": "https://www.suse.com/security/cve/CVE-2026-31431"
},
{
"category": "external",
"summary": "SUSE Bug 1262573 for CVE-2026-31431",
"url": "https://bugzilla.suse.com/1262573"
},
{
"category": "external",
"summary": "SUSE Bug 1263689 for CVE-2026-31431",
"url": "https://bugzilla.suse.com/1263689"
},
{
"category": "external",
"summary": "SUSE Bug 1263938 for CVE-2026-31431",
"url": "https://bugzilla.suse.com/1263938"
},
{
"category": "external",
"summary": "SUSE Bug 1263939 for CVE-2026-31431",
"url": "https://bugzilla.suse.com/1263939"
},
{
"category": "external",
"summary": "SUSE Bug 1264274 for CVE-2026-31431",
"url": "https://bugzilla.suse.com/1264274"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-livepatch-6_12_0-160000_27-rt-3-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-05T17:32:16Z",
"details": "important"
}
],
"title": "CVE-2026-31431"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…