SUSE 5707 Published by

SUSE distributed a batch of security advisories that address numerous vulnerabilities across SUSE Linux Enterprise 15 and openSUSE Leap 15 platforms. The released patches resolve dangerous flaws in core utilities and development libraries, including ImageMagick, python-Pillow, the Linux kernel, and PHP.

openSUSE-SU-2026:21303-1: important: Security update for gsasl
openSUSE-SU-2026:21302-1: moderate: Security update for nghttp2
openSUSE-SU-2026:21301-1: moderate: Security update for dash
openSUSE-SU-2026:21296-1: important: Security update for python-Pillow
openSUSE-SU-2026:21292-1: important: Security update for agama
openSUSE-SU-2026:21293-1: important: Security update for perl-DBI
openSUSE-SU-2026:21290-1: important: Security update for sssd
openSUSE-SU-2026:21291-1: important: Security update for ImageMagick
openSUSE-SU-2026:21284-1: important: Security update for libXfont2
openSUSE-SU-2026:21289-1: important: Security update for tiff
openSUSE-SU-2026:21283-1: important: Security update for xwayland
SUSE-SU-2026:2853-1: important: Security update for tiff
SUSE-SU-2026:2854-1: moderate: Security update for python-urllib3
SUSE-SU-2026:2864-1: important: Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2866-1: important: Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:2867-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2868-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)
openSUSE-SU-2026:11249-1: moderate: python313-weasyprint-69.0-1.1 on GA media
openSUSE-SU-2026:11254-1: moderate: chromedriver-150.0.7871.114-1.1 on GA media
openSUSE-SU-2026:11248-1: moderate: python313-Django-5.2.16-1.1 on GA media
openSUSE-SU-2026:11247-1: moderate: libredwg-devel-0.14.8413-1.1 on GA media
SUSE-SU-2026:2874-1: moderate: Security update for sccache
SUSE-SU-2026:2875-1: important: Security update for python-Pillow
SUSE-SU-2026:2880-1: moderate: Security update for php8
SUSE-SU-2026:2885-1: moderate: Security update for alsa
SUSE-SU-2026:2886-1: moderate: Security update for libslirp
SUSE-SU-2026:2890-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2888-1: important: Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2889-1: important: Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)
SUSE-SU-2026:2894-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)
SUSE-SU-2026:2902-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)
SUSE-SU-2026:2899-1: important: Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)
SUSE-SU-2026:2910-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)




openSUSE-SU-2026:21303-1: important: Security update for gsasl


openSUSE security update: security update for gsasl
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21303-1
Rating: important
References:

* bsc#1268885

Cross-References:

* CVE-2026-56968

CVSS scores:

* CVE-2026-56968 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-56968 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for gsasl fixes the following issue

- CVE-2026-56968: improper sanitization of a short challenge in `_gsasl_ntlm_client_step` of the NTLM client can lead to
memory disclosure (bsc#1268885).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1214=1

Package List:

- openSUSE Leap 16.0:

gsasl-2.2.1-160000.4.1
gsasl-devel-2.2.1-160000.4.1
gsasl-lang-2.2.1-160000.4.1
libgsasl18-2.2.1-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2026-56968.html



openSUSE-SU-2026:21302-1: moderate: Security update for nghttp2


openSUSE security update: security update for nghttp2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21302-1
Rating: moderate
References:

* bsc#1269489

Cross-References:

* CVE-2026-58055

CVSS scores:

* CVE-2026-58055 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
* CVE-2026-58055 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has one bug fix can now be installed.

Description:

This update for nghttp2 fixes the following issue

- CVE-2026-58055: HTTP request/response smuggling via upgrade request with `Content-Length` (bsc#1269489).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1213=1

Package List:

- openSUSE Leap 16.0:

libnghttp2-14-1.64.0-160000.4.1
libnghttp2-devel-1.64.0-160000.4.1
nghttp2-1.64.0-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2026-58055.html



openSUSE-SU-2026:21301-1: moderate: Security update for dash


openSUSE security update: security update for dash
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21301-1
Rating: moderate
References:

* bsc#1178978
* bsc#1269494

Cross-References:

* CVE-2026-31323

CVSS scores:

* CVE-2026-31323 ( SUSE ): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-31323 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves one vulnerability and has 2 bug fixes can now be installed.

Description:

This update for dash fixes the following issues

- CVE-2026-31323: Fix CVE-2026-31323 INTMAX_MIN / -1 overflow (bsc#1269494).
- executes code even when noexec ("-n") is specified (bsc#1178978).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1212=1

Package List:

- openSUSE Leap 16.0:

dash-0.5.12-160000.3.1
dash-sh-0.5.12-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-31323.html



openSUSE-SU-2026:21296-1: important: Security update for python-Pillow


openSUSE security update: security update for python-pillow
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21296-1
Rating: important
References:

* bsc#1270404
* bsc#1270409
* bsc#1270410
* bsc#1270411
* bsc#1270412

Cross-References:

* CVE-2026-42311
* CVE-2026-54059
* CVE-2026-54060
* CVE-2026-55379
* CVE-2026-55380

CVSS scores:

* CVE-2026-42311 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-42311 ( SUSE ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-54059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-54060 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-55379 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-55380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 5 vulnerabilities and has 5 bug fixes can now be installed.

Description:

This update for python-Pillow fixes the following issues

- CVE-2026-42311: malicious PSD file processing can lead to arbitrary code execution (bsc#1270404).
- CVE-2026-54059: crafted PCF font data can cause excessive memory allocation (bsc#1270409).
- CVE-2026-54060: fonts can trigger excessive memory allocation during conversion or saving (bsc#1270410).
- CVE-2026-55379: bypass of decompression bomb protection allows excessive memory allocation (bsc#1270411).
- CVE-2026-55380: crafted `.gd` file can trigger excessive C-heap allocation when loaded (bsc#1270412).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1207=1

Package List:

- openSUSE Leap 16.0:

python313-Pillow-11.3.0-160000.6.1
python313-Pillow-tk-11.3.0-160000.6.1

References:

* https://www.suse.com/security/cve/CVE-2026-42311.html
* https://www.suse.com/security/cve/CVE-2026-54059.html
* https://www.suse.com/security/cve/CVE-2026-54060.html
* https://www.suse.com/security/cve/CVE-2026-55379.html
* https://www.suse.com/security/cve/CVE-2026-55380.html



openSUSE-SU-2026:21292-1: important: Security update for agama


openSUSE security update: security update for agama
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21292-1
Rating: important
References:

* bsc#1270526
* bsc#1270602
* bsc#1270678
* bsc#1270784
* bsc#1270850
* bsc#1270891
* bsc#1270992

Cross-References:

* CVE-2026-41677
* CVE-2026-41678
* CVE-2026-41681
* CVE-2026-41898
* CVE-2026-42327
* CVE-2026-44662
* CVE-2026-45784

CVSS scores:

* CVE-2026-41677 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-41677 ( SUSE ): 1.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
* CVE-2026-41678 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-41678 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41681 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-41681 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-41898 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
* CVE-2026-41898 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-42327 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-42327 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-44662 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-44662 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-45784 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-45784 ( SUSE ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.

Description:

This update for agama fixes the following issues

- CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-
openssl crate (bsc#1270602).
- CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-openssl crate (bsc#1270678).
- CVE-2026-41681: openssl: MdCtxRef::digest_final() writes past caller buffer with no length check in rust-openssl crate
(bsc#1270784).
- CVE-2026-41898: openssl: unchecked callback-returned length in PSK and cookie generate trampolines can leak adjacent
memory in rust-openssl crate (bsc#1270850).
- CVE-2026-42327: openssl: arbitrary code execution via specially crafted certificate in rust-openssl crate
(bsc#1270526).
- CVE-2026-44662: openssl: heap buffer overflow when encrypting with AES key-wrap-with-padding in rust-openssl crate
(bsc#1270891).
- CVE-2026-45784: openssl: out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers in rust-
openssl crate (bsc#1270992).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1203=1

Package List:

- openSUSE Leap 16.0:

agama-17+647.daf9950fc-160000.12.1
agama-autoinstall-17+647.daf9950fc-160000.12.1
agama-cli-17+647.daf9950fc-160000.12.1
agama-cli-bash-completion-17+647.daf9950fc-160000.12.1
agama-cli-fish-completion-17+647.daf9950fc-160000.12.1
agama-cli-zsh-completion-17+647.daf9950fc-160000.12.1
agama-openapi-17+647.daf9950fc-160000.12.1
agama-scripts-17+647.daf9950fc-160000.12.1

References:

* https://www.suse.com/security/cve/CVE-2026-41677.html
* https://www.suse.com/security/cve/CVE-2026-41678.html
* https://www.suse.com/security/cve/CVE-2026-41681.html
* https://www.suse.com/security/cve/CVE-2026-41898.html
* https://www.suse.com/security/cve/CVE-2026-42327.html
* https://www.suse.com/security/cve/CVE-2026-44662.html
* https://www.suse.com/security/cve/CVE-2026-45784.html



openSUSE-SU-2026:21293-1: important: Security update for perl-DBI


openSUSE security update: security update for perl-dbi
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21293-1
Rating: important
References:

* bsc#1271017
* bsc#1271018

Cross-References:

* CVE-2026-14380
* CVE-2026-14740

CVSS scores:

* CVE-2026-14380 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-14740 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for perl-DBI fixes the following issues

- CVE-2026-14380: unvalidated string eval interpolation of the Profile package name can lead to arbitrary Perl code
execution (bsc#1271018).
- CVE-2026-14740: one-byte out-of-bounds read when deleting an initial SQL comment line can lead to a process crash
(bsc#1271017).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1204=1

Package List:

- openSUSE Leap 16.0:

perl-DBI-1.647.0-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2026-14380.html
* https://www.suse.com/security/cve/CVE-2026-14740.html



openSUSE-SU-2026:21290-1: important: Security update for sssd


openSUSE security update: security update for sssd
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21290-1
Rating: important
References:

* bsc#1270708
* bsc#1270709

Cross-References:

* CVE-2026-14474
* CVE-2026-14476

CVSS scores:

* CVE-2026-14474 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-14476 ( SUSE ): 8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for sssd fixes the following issues

- CVE-2026-14474: sudo LDAP provider searches entire directory tree for sudoRole objects by default, enabling privilege
escalation (bsc#1270709).
- CVE-2026-14476: GPO cache path traversal via unsanitized gPCFileSysPath allows Kerberos authentication bypass
(bsc#1270708).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1201=1

Package List:

- openSUSE Leap 16.0:

libipa_hbac-devel-2.10.2-160000.3.1
libipa_hbac0-2.10.2-160000.3.1
libnfsidmap-sss-2.10.2-160000.3.1
libsss_certmap-devel-2.10.2-160000.3.1
libsss_certmap0-2.10.2-160000.3.1
libsss_idmap-devel-2.10.2-160000.3.1
libsss_idmap0-2.10.2-160000.3.1
libsss_nss_idmap-devel-2.10.2-160000.3.1
libsss_nss_idmap0-2.10.2-160000.3.1
python3-ipa_hbac-2.10.2-160000.3.1
python3-sss-murmur-2.10.2-160000.3.1
python3-sss_nss_idmap-2.10.2-160000.3.1
python3-sssd-config-2.10.2-160000.3.1
sssd-2.10.2-160000.3.1
sssd-ad-2.10.2-160000.3.1
sssd-cifs-idmap-plugin-2.10.2-160000.3.1
sssd-dbus-2.10.2-160000.3.1
sssd-ipa-2.10.2-160000.3.1
sssd-kcm-2.10.2-160000.3.1
sssd-krb5-2.10.2-160000.3.1
sssd-krb5-common-2.10.2-160000.3.1
sssd-ldap-2.10.2-160000.3.1
sssd-proxy-2.10.2-160000.3.1
sssd-tools-2.10.2-160000.3.1
sssd-winbind-idmap-2.10.2-160000.3.1

References:

* https://www.suse.com/security/cve/CVE-2026-14474.html
* https://www.suse.com/security/cve/CVE-2026-14476.html



openSUSE-SU-2026:21291-1: important: Security update for ImageMagick


openSUSE security update: security update for imagemagick
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21291-1
Rating: important
References:

* bsc#1268640
* bsc#1268878
* bsc#1270001
* bsc#1270002
* bsc#1270003
* bsc#1270073
* bsc#1270074
* bsc#1270077
* bsc#1270079
* bsc#1270080
* bsc#1271099

Cross-References:

* CVE-2026-53466
* CVE-2026-53467
* CVE-2026-55594
* CVE-2026-55595
* CVE-2026-55597
* CVE-2026-56361
* CVE-2026-56363
* CVE-2026-56364
* CVE-2026-56374
* CVE-2026-56379

CVSS scores:

* CVE-2026-53466 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-53466 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-53467 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-53467 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-55594 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-55594 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-55595 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-55595 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-55597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-55597 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56361 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56361 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56363 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56363 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56364 ( SUSE ): 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-56364 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56374 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2026-56374 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-56379 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-56379 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 10 vulnerabilities and has 11 bug fixes can now be installed.

Description:

This update for ImageMagick fixes the following issues

- CVE-2026-53466: integer overflow in the XCF decoder can result in an out-of-bounds read when a crafted image is read
(bsc#1270073).
- CVE-2026-53467: allocated memory left unchanged in the MNG decoder can lead to a heap information disclosure
(bsc#1270074).
- CVE-2026-55594: missing depth check in the MVG decoder will result in a stack overflow when a crafted image is
provided (bsc#1270077).
- CVE-2026-55595: providing invalid arguments to the `connected-components` option can lead to an infinite loop
(bsc#1270079).
- CVE-2026-55597: incorrect handling of arguments can cause a heap buffer over-write in the JP2 encoder (bsc#1270080).
- CVE-2026-56361: off-by-one error in morphology validation can lead to an out-of-bounds read (bsc#1270001).
- CVE-2026-56363: integer overflow leading to a division by zero in binomial kernel processing can cause an application
crash (bsc#1270002).
- CVE-2026-56364: memory leak in `LoadOpenCLDeviceBenchmark` function when parsing malformed OpenCL device profile XML
files
with unclosed device elements (bsc#1270003).
- CVE-2026-56374: missing boundary checks can lead to a heap buffer overflow in the FTXT encoder when parsing
`ftxt:format` (bsc#1271099).
- CVE-2026-56379: arbitrary MVG drawing command injection via the SVG decoder when processing specially crafted SVG
files (bsc#1268878).
- GHSA-3j4x-rwrx-xxj9: possible use-after-free write in PDB decoder (bsc#1268640).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1202=1

Package List:

- openSUSE Leap 16.0:

ImageMagick-7.1.2.0-160000.11.1
ImageMagick-config-7-SUSE-7.1.2.0-160000.11.1
ImageMagick-config-7-upstream-limited-7.1.2.0-160000.11.1
ImageMagick-config-7-upstream-open-7.1.2.0-160000.11.1
ImageMagick-config-7-upstream-secure-7.1.2.0-160000.11.1
ImageMagick-config-7-upstream-websafe-7.1.2.0-160000.11.1
ImageMagick-devel-7.1.2.0-160000.11.1
ImageMagick-doc-7.1.2.0-160000.11.1
ImageMagick-extra-7.1.2.0-160000.11.1
libMagick++-7_Q16HDRI5-7.1.2.0-160000.11.1
libMagick++-devel-7.1.2.0-160000.11.1
libMagickCore-7_Q16HDRI10-7.1.2.0-160000.11.1
libMagickWand-7_Q16HDRI10-7.1.2.0-160000.11.1
perl-PerlMagick-7.1.2.0-160000.11.1

References:

* https://www.suse.com/security/cve/CVE-2026-53466.html
* https://www.suse.com/security/cve/CVE-2026-53467.html
* https://www.suse.com/security/cve/CVE-2026-55594.html
* https://www.suse.com/security/cve/CVE-2026-55595.html
* https://www.suse.com/security/cve/CVE-2026-55597.html
* https://www.suse.com/security/cve/CVE-2026-56361.html
* https://www.suse.com/security/cve/CVE-2026-56363.html
* https://www.suse.com/security/cve/CVE-2026-56364.html
* https://www.suse.com/security/cve/CVE-2026-56374.html
* https://www.suse.com/security/cve/CVE-2026-56379.html



openSUSE-SU-2026:21284-1: important: Security update for libXfont2


openSUSE security update: security update for libxfont2
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21284-1
Rating: important
References:

* bsc#1269018
* bsc#1269019
* bsc#1269020

Cross-References:

* CVE-2026-56001
* CVE-2026-56002
* CVE-2026-56003

CVSS scores:

* CVE-2026-56001 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-56001 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56002 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-56002 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56003 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-56003 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description:

This update for libXfont2 fixes the following issues

- CVE-2026-56001: BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow (bsc#1269018).
- CVE-2026-56002: PCF Font Parsing Heap Buffer Overflow (bsc#1269019).
- CVE-2026-56003: computeProps Property Buffer Heap Buffer Overflow (bsc#1269020).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1195=1

Package List:

- openSUSE Leap 16.0:

libXfont2-2-2.0.7-160000.4.1
libXfont2-devel-2.0.7-160000.4.1

References:

* https://www.suse.com/security/cve/CVE-2026-56001.html
* https://www.suse.com/security/cve/CVE-2026-56002.html
* https://www.suse.com/security/cve/CVE-2026-56003.html



openSUSE-SU-2026:21289-1: important: Security update for tiff


openSUSE security update: security update for tiff
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21289-1
Rating: important
References:

* bsc#1268434
* bsc#1269779

Cross-References:

* CVE-2026-12912
* CVE-2026-36849
* CVE-2026-4775

CVSS scores:

* CVE-2026-12912 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-36849 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-4775 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-4775 ( SUSE ): 8.8 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 3 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for tiff fixes the following issues

- CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF image (bsc#1269779).
- CVE-2026-36849: denial of service when processing a a crafted TIFF file containing a large SamplesPerPixel tag value
(bsc#1268434).

Changes for tiff:

- Update to 4.7.2:

Software configuration changes:

* cmake: Fix bundle identifiers to use reverse-DNS format
* cmake: Fix and improve Apple framework build support
* cmake: Use TurboJPEG CONFIG by default (issue #767)
* cmake: changes related to 8-/12-bit modes
* cmake: Replace CMath::CMath with direct link to avoid export.
* Support for iOS-derived builds
* Simplify cmake byte order version check
* Add additional warnings, primarily floating precision conversions and integer arithmetic conversions
* configure.ac: Require bootstrap with at least Autoconf 2.71.

Bug fixes:

* Handle negative TIFFReadFile results before state updates (issue #854)
* tif_dirread.c: fix copy-paste bug in ChopUpSingleUncompressedStrip
* tif_read.c: Fixed division by zero in TIFFStartStrip() (issue #777)
* tif_dirwrite.c: add integer overflow checks to allocation size calculations
* tif_print.c: add integer overflow checks to allocation size calculations
* tif_write.c: fix OOB read and underflow in TIFFAppendToStrip copy loop
* DumpModeSeek: add bounds check to prevent OOB pointer advance
* TIFFGrowStrips: fix use-after-free on partial realloc failure.
* Fix NULL dereference in _TIFFReserveLargeEnoughWriteBuffer() by validating the strip bytecount array before accessing it.
* TIFFRGBAImage: avoid int overflows in put functions (issue #830)
* tif_getimage: fix inconsistent fromskew handling in put16bitbwtile (issue #792)
* tif_getimage: Widen pointer-offset arithmetic in tif_getimage
* putcontig8bitYCbCr44tile: fix wrong fromskew computation (issue #798)
* putcontig8bitYCbCr42tile: Reject invalid YCbCr subsampling when image dimensions are smaller than the subsampling block to prevent out-of-bounds writes. (issue #753)
* TIFFFillStrip/Tile(): avoid excessive memory allocation (issue #831)
* TIFFLinkDirectory() checks for IFD loops (issue #788)
* Check result of _TIFFCheckRealloc to prevent memory leaks and segmentation fault when reallocation fails.
* TIFFVTileSize64(): in YCbCr contig non upsampled mode, validate td_samplesperpixel==3 (issue #805)
* TIFFReadDirEntryPersampleShort(): be tolerant to tags like SampleFormat not having 1 or SamplesPerPixel values ( https://github.com/OSGeo/gdal/issues/13465)
* tif_getimage: reject tile widths that would overflow toskew (issue #808)
* Fix integer overflow in _TIFFPartialReadStripArray on 32-bit.
* TIFFAppendToStrip(): add some checks to avoid null-pointer-dereferencing (issue #777).
* _TIFFGetStrileOffsetOrByteCountValue(): fix potential crash on corrupted files when file opened in 'O' mode ( https://issues.oss-fuzz.com/issues/471328917)
* TIFFReadDirectory(): re-set TIFF_LAZYSTRILELOAD if file opened in 'O' mode
* _TIFFMergeFields(): avoid NULL ptr dereference (issue #755).
* Check td_stripbytecount_p and td_stripoffset_p for NULL pointer before (re-)writing to file. (issue #749)
* JPEGDecodeRaw: initialize output buffer to avoid returning uninitialized memory (issue #892)
* JPEG decompressor: initialize output buffer when JPEG image is smaller than strile dimension to avoid heap memory disclosure (issue #826)
* JPEG: fix generation of tiled 12-bit JPEG compressed files with libjpeg-turbo 3.0.3 (issue #773)
* JPEGDecode(): fix memory leak in error code path ( https://issues.oss-fuzz.com/issues/471945501)
* tif_jpeg: reject mismatched JPEG data precision to avoid write overflow
* Fix signed left-shift UB in LogLuv RANDITHER encoding (issue #850)
* PixarLog: error out on invalid ABGR output buffer sizes.
* PixarLog: complete ABGR bounds check for multi-row strip decoding.
* PixarLog: fix undoing horizontal differencing when SamplesPerPixel != 3 and 4 (issue #789).
* PixarLog codec: fix potential integer overflow/out-of-bounds access (issue #797)
* TIFFAdvanceDirectory(): avoid potential read heap-buffer-overflow in mmap code path on 32 bit builds ( https://issues.oss-fuzz.com/issues/506737072)
* OJPEG: fix integer overflow in subsampling buffer allocation.
* OJPEG: fix nullptr deref when changing compression method from OJPEG to something else (issue #795).
* OJPEG fix potential integer overflow/out-of-bounds access (issue #796).
* ojpeg: prevent EOF infinite loop (fixes commit 2a3d55b)
* fix null pointer deference in issue #782.
* fix stack-overflow in issue #784.

Other changes:

* Change EXIF and GPS tag type from IFD8 to LONG8 per EXIF-specification (issue #739).
* Harden integer size and offset calculations (issue #897)
* TIFFComputeTile/TIFFComputeStrip: use overflow-checked multiplication
* Move widening casts inside multiplication scope.
* Lots of compiler warning fixes related to enabling more warning flags
* Align writing and reading of TIFF_LONG8 and TIFF_IFD8 tags (issue #773)
* TIFFFillStrip(): prevent harmless unsigned integer overflow

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1200=1

Package List:

- openSUSE Leap 16.0:

libtiff-devel-4.7.2-160000.1.1
libtiff-devel-docs-4.7.2-160000.1.1
libtiff6-4.7.2-160000.1.1
tiff-4.7.2-160000.1.1
tiff-docs-4.7.2-160000.1.1

References:

* https://www.suse.com/security/cve/CVE-2026-12912.html
* https://www.suse.com/security/cve/CVE-2026-36849.html
* https://www.suse.com/security/cve/CVE-2026-4775.html



openSUSE-SU-2026:21283-1: important: Security update for xwayland


openSUSE security update: security update for xwayland
-------------------------------------------------------------

Announcement ID: openSUSE-SU-2026:21283-1
Rating: important
References:

* bsc#1268893
* bsc#1268894

Cross-References:

* CVE-2026-55999
* CVE-2026-56000

CVSS scores:

* CVE-2026-55999 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-55999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-56000 ( SUSE ): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-56000 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

openSUSE Leap 16.0

-------------------------------------------------------------

An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description:

This update for xwayland fixes the following issues

- CVE-2026-55999: missing bounds check in `glamor_font_get` can lead to a heap buffer overflow when a font loaded from
a malicious PCF file is processed (bsc#1268893).
- CVE-2026-56000: improper memory management in `CommonMakeCurrent` can lead to a heap use-after-free when an
interaction with a malicious client creating GLX contexts happens (bsc#1268894).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-1194=1

Package List:

- openSUSE Leap 16.0:

xwayland-24.1.6-160000.6.1
xwayland-devel-24.1.6-160000.6.1

References:

* https://www.suse.com/security/cve/CVE-2026-55999.html
* https://www.suse.com/security/cve/CVE-2026-56000.html



SUSE-SU-2026:2853-1: important: Security update for tiff


# Security update for tiff

Announcement ID: SUSE-SU-2026:2853-1
Release Date: 2026-07-10T17:54:45Z
Rating: important
References:

* bsc#1268434
* bsc#1269779

Cross-References:

* CVE-2026-12912
* CVE-2026-36849
* CVE-2026-4775

CVSS scores:

* CVE-2026-12912 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12912 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-12912 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-36849 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-4775 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-4775 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-4775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-4775 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves three vulnerabilities can now be installed.

## Description:

This update for tiff fixes the following issues:

Update to version 4.7.2.

Security issues fixed:

* CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-
compressed TIFF image (bsc#1269779).
* CVE-2026-36849: denial of service when processing a a crafted TIFF file
containing a large SamplesPerPixel tag value (bsc#1268434).

Other updates and bugfixes:

* Version 4.7.2:
* Software configuration changes:
* cmake: Fix bundle identifiers to use reverse-DNS format
* cmake: Fix and improve Apple framework build support
* cmake: Use TurboJPEG CONFIG by default (issue #767)
* cmake: changes related to 8-/12-bit modes
* cmake: Replace CMath::CMath with direct link to avoid export.
* Support for iOS-derived builds
* Simplify cmake byte order version check
* Add additional warnings, primarily floating precision conversions and integer arithmetic conversions
* configure.ac: Require bootstrap with at least Autoconf 2.71.
* Library changes:
* New/improved functionalities::
* Add TIFFGetMaxCompressionRatio() and use it in _TIFFReadEncoded[Tile|Strip)AndAllocBuffer() (issue #781)
* Bug fixes:
* Handle negative TIFFReadFile results before state updates (issue #854)
* tif_dirread.c: fix copy-paste bug in ChopUpSingleUncompressedStrip
* tif_read.c: Fixed division by zero in TIFFStartStrip() (issue #777)
* tif_dirwrite.c: add integer overflow checks to allocation size calculations
* tif_print.c: add integer overflow checks to allocation size calculations
* tif_write.c: fix OOB read and underflow in TIFFAppendToStrip copy loop
* DumpModeSeek: add bounds check to prevent OOB pointer advance
* TIFFGrowStrips: fix use-after-free on partial realloc failure.
* Fix NULL dereference in _TIFFReserveLargeEnoughWriteBuffer() by validating the strip bytecount array before accessing it.
* TIFFRGBAImage: avoid int overflows in put functions (issue #830)
* tif_getimage: fix inconsistent fromskew handling in put16bitbwtile (issue #792)
* tif_getimage: Widen pointer-offset arithmetic in tif_getimage
* putcontig8bitYCbCr44tile: fix wrong fromskew computation (issue #798)
* putcontig8bitYCbCr42tile: Reject invalid YCbCr subsampling when image dimensions are smaller than the subsampling block to prevent out-of-bounds writes. (issue #753)
* TIFFReadRGBAImage(): prevent integer overflow and later heap overflow (issue #787)
* TIFFFillStrip/Tile(): avoid excessive memory allocation (issue #831)
* TIFFLinkDirectory() checks for IFD loops (issue #788)
* Check result of _TIFFCheckRealloc to prevent memory leaks and segmentation fault when reallocation fails.
* TIFFVTileSize64(): in YCbCr contig non upsampled mode, validate td_samplesperpixel==3 (issue #805)
* TIFFReadDirEntryPersampleShort(): be tolerant to tags like SampleFormat not having 1 or SamplesPerPixel values ( https://github.com/OSGeo/gdal/issues/13465)
* tif_getimage: reject tile widths that would overflow toskew (issue #808)
* Fix integer overflow in _TIFFPartialReadStripArray on 32-bit.
* TIFFAppendToStrip(): add some checks to avoid null-pointer-dereferencing (issue #777).
* _TIFFGetStrileOffsetOrByteCountValue(): fix potential crash on corrupted files when file opened in 'O' mode ( https://issues.oss-fuzz.com/issues/471328917)
* TIFFReadDirectory(): re-set TIFF_LAZYSTRILELOAD if file opened in 'O' mode
* _TIFFMergeFields(): avoid NULL ptr dereference (issue #755).
* Check td_stripbytecount_p and td_stripoffset_p for NULL pointer before (re-)writing to file. (issue #749)
* JPEGDecodeRaw: initialize output buffer to avoid returning uninitialized memory (issue #892)
* JPEG decompressor: initialize output buffer when JPEG image is smaller than strile dimension to avoid heap memory disclosure (issue #826)
* JPEG: fix generation of tiled 12-bit JPEG compressed files with libjpeg-turbo 3.0.3 (issue #773)
* JPEGDecode(): fix memory leak in error code path ( https://issues.oss-fuzz.com/issues/471945501)
* tif_jpeg: reject mismatched JPEG data precision to avoid write overflow
* Fix signed left-shift UB in LogLuv RANDITHER encoding (issue #850)
* PixarLog: error out on invalid ABGR output buffer sizes.
* PixarLog: complete ABGR bounds check for multi-row strip decoding.
* PixarLog: fix heap-buffer-overflow in 8BITABGR decode with stride 3 (issue #824)
* PixarLog: fix undoing horizontal differencing when SamplesPerPixel != 3 and 4 (issue #789).
* PixarLog codec: fix potential integer overflow/out-of-bounds access (issue #797)
* TIFFAdvanceDirectory(): avoid potential read heap-buffer-overflow in mmap code path on 32 bit builds ( https://issues.oss-fuzz.com/issues/506737072)
* OJPEG: fix integer overflow in subsampling buffer allocation.
* OJPEG: fix nullptr deref when changing compression method from OJPEG to something else (issue #795).
* OJPEG fix potential integer overflow/out-of-bounds access (issue #796).
* ojpeg: prevent EOF infinite loop (fixes commit 2a3d55b)
* fix null pointer deference in issue #782.
* fix stack-overflow in issue #784.
* Other changes:
* Change EXIF and GPS tag type from IFD8 to LONG8 per EXIF-specification (issue #739).
* Harden integer size and offset calculations (issue #897)
* TIFFComputeTile/TIFFComputeStrip: use overflow-checked multiplication
* Move widening casts inside multiplication scope.
* Lots of compiler warning fixes related to enabling more warning flags
* Align writing and reading of TIFF_LONG8 and TIFF_IFD8 tags (issue #773)
* TIFFFillStrip(): prevent harmless unsigned integer overflow

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2853=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2853=1

* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2853=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2853=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2853=1

## Package List:

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libtiff6-4.7.2-150600.3.29.1
* libtiff6-debuginfo-4.7.2-150600.3.29.1
* libtiff-devel-4.7.2-150600.3.29.1
* tiff-debugsource-4.7.2-150600.3.29.1
* tiff-debuginfo-4.7.2-150600.3.29.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* libtiff6-32bit-4.7.2-150600.3.29.1
* libtiff6-32bit-debuginfo-4.7.2-150600.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* libtiff6-4.7.2-150600.3.29.1
* libtiff6-debuginfo-4.7.2-150600.3.29.1
* libtiff-devel-4.7.2-150600.3.29.1
* tiff-debugsource-4.7.2-150600.3.29.1
* tiff-debuginfo-4.7.2-150600.3.29.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* libtiff6-32bit-4.7.2-150600.3.29.1
* libtiff6-32bit-debuginfo-4.7.2-150600.3.29.1
* Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* libtiff6-4.7.2-150600.3.29.1
* libtiff6-debuginfo-4.7.2-150600.3.29.1
* libtiff-devel-4.7.2-150600.3.29.1
* tiff-debugsource-4.7.2-150600.3.29.1
* tiff-debuginfo-4.7.2-150600.3.29.1
* Basesystem Module 15-SP7 (x86_64)
* libtiff6-32bit-4.7.2-150600.3.29.1
* libtiff6-32bit-debuginfo-4.7.2-150600.3.29.1
* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* tiff-4.7.2-150600.3.29.1
* tiff-debugsource-4.7.2-150600.3.29.1
* tiff-debuginfo-4.7.2-150600.3.29.1
* openSUSE Leap 15.6 (aarch64 i586 ppc64le s390x x86_64)
* libtiff6-4.7.2-150600.3.29.1
* libtiff6-debuginfo-4.7.2-150600.3.29.1
* libtiff-devel-4.7.2-150600.3.29.1
* tiff-4.7.2-150600.3.29.1
* tiff-debugsource-4.7.2-150600.3.29.1
* tiff-debuginfo-4.7.2-150600.3.29.1
* openSUSE Leap 15.6 (x86_64)
* libtiff6-32bit-4.7.2-150600.3.29.1
* libtiff-devel-32bit-4.7.2-150600.3.29.1
* libtiff6-32bit-debuginfo-4.7.2-150600.3.29.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libtiff6-64bit-4.7.2-150600.3.29.1
* libtiff6-64bit-debuginfo-4.7.2-150600.3.29.1
* libtiff-devel-64bit-4.7.2-150600.3.29.1
* openSUSE Leap 15.6 (noarch)
* tiff-docs-4.7.2-150600.3.29.1
* libtiff-devel-docs-4.7.2-150600.3.29.1

## References:

* https://www.suse.com/security/cve/CVE-2026-12912.html
* https://www.suse.com/security/cve/CVE-2026-36849.html
* https://www.suse.com/security/cve/CVE-2026-4775.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268434
* https://bugzilla.suse.com/show_bug.cgi?id=1269779



SUSE-SU-2026:2854-1: moderate: Security update for python-urllib3


# Security update for python-urllib3

Announcement ID: SUSE-SU-2026:2854-1
Release Date: 2026-07-10T17:58:58Z
Rating: moderate
References:

* bsc#1254867
* bsc#1270365

Cross-References:

* CVE-2025-66471

CVSS scores:

* CVE-2025-66471 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2025-66471 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2025-66471 ( NVD ): 8.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-66471 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* Basesystem Module 15-SP7
* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability and has one security fix can now be
installed.

## Description:

This update for python-urllib3 fixes the following issue

* Regression introduced by CVE-2025-66471 fix during file download with pySSL
(bsc#1270365).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2854=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2854=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2854=1

* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-2854=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2854=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2854=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2854=1

## Package List:

* Basesystem Module 15-SP7 (noarch)
* python3-urllib3-1.25.10-150300.4.30.1
* SUSE Linux Enterprise Micro 5.5 (noarch)
* python3-urllib3-1.25.10-150300.4.30.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
* python3-urllib3-1.25.10-150300.4.30.1
* SUSE Linux Enterprise Micro 5.3 (noarch)
* python3-urllib3-1.25.10-150300.4.30.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
* python3-urllib3-1.25.10-150300.4.30.1
* SUSE Linux Enterprise Micro 5.4 (noarch)
* python3-urllib3-1.25.10-150300.4.30.1
* openSUSE Leap 15.3 (noarch)
* python3-urllib3-1.25.10-150300.4.30.1

## References:

* https://www.suse.com/security/cve/CVE-2025-66471.html
* https://bugzilla.suse.com/show_bug.cgi?id=1254867
* https://bugzilla.suse.com/show_bug.cgi?id=1270365



SUSE-SU-2026:2864-1: important: Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 45 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2864-1
Release Date: 2026-07-11T21:22:55Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 21 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.179 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2864=1 SUSE-2026-2865=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2865=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2864=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_45-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-20-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-14-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_170-default-debuginfo-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-debuginfo-14-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_45-debugsource-14-150400.2.1
* kernel-livepatch-5_14_21-150400_24_170-default-20-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_42-debugsource-20-150400.2.1
* kernel-livepatch-5_14_21-150400_24_179-default-14-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023



SUSE-SU-2026:2866-1: important: Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 22 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2866-1
Release Date: 2026-07-12T23:25:50Z
Rating: important
References:

* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264567
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
* bsc#1269495

Cross-References:

* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43120
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
* CVE-2026-53362

CVSS scores:

* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43120 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 24 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.95 fixes
various security issues

The following security issues were fixed:

* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr
(bsc#1264567).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
* CVE-2026-53362: ipv6: account for fraggap on the paged allocation path
(bsc#1269495).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2866=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2866=1

## Package List:

* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_22-debugsource-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_95-default-6-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_95-default-debuginfo-6-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_22-debugsource-6-150600.2.2
* kernel-livepatch-6_4_0-150600_23_95-default-6-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43120.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264567
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
* https://bugzilla.suse.com/show_bug.cgi?id=1269495



SUSE-SU-2026:2867-1: important: Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 41 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2867-1
Release Date: 2026-07-13T08:05:06Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 21 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.167 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2867=1

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2867=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_167-default-21-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-21-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-21-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_167-default-21-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_41-debugsource-21-150400.2.1
* kernel-livepatch-5_14_21-150400_24_167-default-debuginfo-21-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023



SUSE-SU-2026:2868-1: important: Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 32 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:2868-1
Release Date: 2026-07-13T08:09:15Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 23 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.127 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2869=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-2870=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2868=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2870=1 SUSE-2026-2868=1 SUSE-2026-2869=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_116-default-18-150500.2.2
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-18-150500.2.2
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-15-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-15-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-18-150500.2.2
* kernel-livepatch-5_14_21-150500_55_127-default-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_121-default-15-150500.2.2
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_32-debugsource-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_116-default-18-150500.2.2
* kernel-livepatch-5_14_21-150500_55_116-default-debuginfo-18-150500.2.2
* kernel-livepatch-5_14_21-150500_55_127-default-debuginfo-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_121-default-debuginfo-15-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_30-debugsource-15-150500.2.2
* kernel-livepatch-5_14_21-150500_55_127-default-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_121-default-15-150500.2.2
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x)
* kernel-livepatch-SLE15-SP5_Update_29-debugsource-18-150500.2.2

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023



openSUSE-SU-2026:11249-1: moderate: python313-weasyprint-69.0-1.1 on GA media


# python313-weasyprint-69.0-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11249-1
Rating: moderate

Cross-References:

* CVE-2026-49452

CVSS scores:

* CVE-2026-49452 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the python313-weasyprint-69.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python313-weasyprint 69.0-1.1
* python314-weasyprint 69.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-49452.html



openSUSE-SU-2026:11254-1: moderate: chromedriver-150.0.7871.114-1.1 on GA media


# chromedriver-150.0.7871.114-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11254-1
Rating: moderate

Cross-References:

* CVE-2026-15107
* CVE-2026-15108
* CVE-2026-15109
* CVE-2026-15110
* CVE-2026-15111
* CVE-2026-15112
* CVE-2026-15113
* CVE-2026-15114
* CVE-2026-15115
* CVE-2026-15116
* CVE-2026-15117
* CVE-2026-15118
* CVE-2026-15119
* CVE-2026-15120
* CVE-2026-15121
* CVE-2026-15122
* CVE-2026-15123
* CVE-2026-15124
* CVE-2026-15125
* CVE-2026-15126
* CVE-2026-15127
* CVE-2026-15128
* CVE-2026-15129
* CVE-2026-15130
* CVE-2026-15131
* CVE-2026-15132
* CVE-2026-15133

Affected Products:

* openSUSE Tumbleweed

An update that solves 27 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the chromedriver-150.0.7871.114-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* chromedriver 150.0.7871.114-1.1
* chromium 150.0.7871.114-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-15107.html
* https://www.suse.com/security/cve/CVE-2026-15108.html
* https://www.suse.com/security/cve/CVE-2026-15109.html
* https://www.suse.com/security/cve/CVE-2026-15110.html
* https://www.suse.com/security/cve/CVE-2026-15111.html
* https://www.suse.com/security/cve/CVE-2026-15112.html
* https://www.suse.com/security/cve/CVE-2026-15113.html
* https://www.suse.com/security/cve/CVE-2026-15114.html
* https://www.suse.com/security/cve/CVE-2026-15115.html
* https://www.suse.com/security/cve/CVE-2026-15116.html
* https://www.suse.com/security/cve/CVE-2026-15117.html
* https://www.suse.com/security/cve/CVE-2026-15118.html
* https://www.suse.com/security/cve/CVE-2026-15119.html
* https://www.suse.com/security/cve/CVE-2026-15120.html
* https://www.suse.com/security/cve/CVE-2026-15121.html
* https://www.suse.com/security/cve/CVE-2026-15122.html
* https://www.suse.com/security/cve/CVE-2026-15123.html
* https://www.suse.com/security/cve/CVE-2026-15124.html
* https://www.suse.com/security/cve/CVE-2026-15125.html
* https://www.suse.com/security/cve/CVE-2026-15126.html
* https://www.suse.com/security/cve/CVE-2026-15127.html
* https://www.suse.com/security/cve/CVE-2026-15128.html
* https://www.suse.com/security/cve/CVE-2026-15129.html
* https://www.suse.com/security/cve/CVE-2026-15130.html
* https://www.suse.com/security/cve/CVE-2026-15131.html
* https://www.suse.com/security/cve/CVE-2026-15132.html
* https://www.suse.com/security/cve/CVE-2026-15133.html



openSUSE-SU-2026:11248-1: moderate: python313-Django-5.2.16-1.1 on GA media


# python313-Django-5.2.16-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11248-1
Rating: moderate

Cross-References:

* CVE-2015-3982
* CVE-2015-5145
* CVE-2015-5963
* CVE-2016-7401
* CVE-2017-12794
* CVE-2017-7233
* CVE-2017-7234
* CVE-2018-16984
* CVE-2018-6188
* CVE-2018-7536
* CVE-2018-7537
* CVE-2019-11358
* CVE-2019-12308
* CVE-2019-12781
* CVE-2019-14232
* CVE-2019-19118
* CVE-2019-19844
* CVE-2019-3498
* CVE-2019-6975
* CVE-2020-13254
* CVE-2020-13596
* CVE-2020-24583
* CVE-2020-24584
* CVE-2020-7471
* CVE-2020-9402
* CVE-2021-31542
* CVE-2021-32052
* CVE-2021-33203
* CVE-2021-33571
* CVE-2021-35042
* CVE-2023-31047
* CVE-2023-36053
* CVE-2023-41164
* CVE-2023-43665
* CVE-2024-24680
* CVE-2024-27351
* CVE-2024-38875
* CVE-2024-39329
* CVE-2024-39330
* CVE-2024-39614
* CVE-2024-41989
* CVE-2024-41990
* CVE-2024-41991
* CVE-2024-42005
* CVE-2024-45230
* CVE-2024-45231
* CVE-2026-48588
* CVE-2026-53877
* CVE-2026-53878

CVSS scores:

* CVE-2016-7401 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2018-16984 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2018-7537 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2019-12308 ( SUSE ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2019-12781 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2019-14232 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2019-19844 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2019-3498 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
* CVE-2019-6975 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2020-13596 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
* CVE-2020-24583 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-24584 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2020-7471 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
* CVE-2020-9402 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
* CVE-2021-31542 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-32052 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2021-33203 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
* CVE-2021-33571 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-31047 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-36053 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-41164 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-43665 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-24680 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-27351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-38875 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-39329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2024-39330 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-39614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41989 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41990 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-41991 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-42005 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-48588 ( SUSE ): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
* CVE-2026-53877 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
* CVE-2026-53878 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 49 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the python313-Django-5.2.16-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* python313-Django 5.2.16-1.1
* python314-Django 5.2.16-1.1

## References:

* https://www.suse.com/security/cve/CVE-2015-3982.html
* https://www.suse.com/security/cve/CVE-2015-5145.html
* https://www.suse.com/security/cve/CVE-2015-5963.html
* https://www.suse.com/security/cve/CVE-2016-7401.html
* https://www.suse.com/security/cve/CVE-2017-12794.html
* https://www.suse.com/security/cve/CVE-2017-7233.html
* https://www.suse.com/security/cve/CVE-2017-7234.html
* https://www.suse.com/security/cve/CVE-2018-16984.html
* https://www.suse.com/security/cve/CVE-2018-6188.html
* https://www.suse.com/security/cve/CVE-2018-7536.html
* https://www.suse.com/security/cve/CVE-2018-7537.html
* https://www.suse.com/security/cve/CVE-2019-11358.html
* https://www.suse.com/security/cve/CVE-2019-12308.html
* https://www.suse.com/security/cve/CVE-2019-12781.html
* https://www.suse.com/security/cve/CVE-2019-14232.html
* https://www.suse.com/security/cve/CVE-2019-19118.html
* https://www.suse.com/security/cve/CVE-2019-19844.html
* https://www.suse.com/security/cve/CVE-2019-3498.html
* https://www.suse.com/security/cve/CVE-2019-6975.html
* https://www.suse.com/security/cve/CVE-2020-13254.html
* https://www.suse.com/security/cve/CVE-2020-13596.html
* https://www.suse.com/security/cve/CVE-2020-24583.html
* https://www.suse.com/security/cve/CVE-2020-24584.html
* https://www.suse.com/security/cve/CVE-2020-7471.html
* https://www.suse.com/security/cve/CVE-2020-9402.html
* https://www.suse.com/security/cve/CVE-2021-31542.html
* https://www.suse.com/security/cve/CVE-2021-32052.html
* https://www.suse.com/security/cve/CVE-2021-33203.html
* https://www.suse.com/security/cve/CVE-2021-33571.html
* https://www.suse.com/security/cve/CVE-2021-35042.html
* https://www.suse.com/security/cve/CVE-2023-31047.html
* https://www.suse.com/security/cve/CVE-2023-36053.html
* https://www.suse.com/security/cve/CVE-2023-41164.html
* https://www.suse.com/security/cve/CVE-2023-43665.html
* https://www.suse.com/security/cve/CVE-2024-24680.html
* https://www.suse.com/security/cve/CVE-2024-27351.html
* https://www.suse.com/security/cve/CVE-2024-38875.html
* https://www.suse.com/security/cve/CVE-2024-39329.html
* https://www.suse.com/security/cve/CVE-2024-39330.html
* https://www.suse.com/security/cve/CVE-2024-39614.html
* https://www.suse.com/security/cve/CVE-2024-41989.html
* https://www.suse.com/security/cve/CVE-2024-41990.html
* https://www.suse.com/security/cve/CVE-2024-41991.html
* https://www.suse.com/security/cve/CVE-2024-42005.html
* https://www.suse.com/security/cve/CVE-2024-45230.html
* https://www.suse.com/security/cve/CVE-2024-45231.html
* https://www.suse.com/security/cve/CVE-2026-48588.html
* https://www.suse.com/security/cve/CVE-2026-53877.html
* https://www.suse.com/security/cve/CVE-2026-53878.html



openSUSE-SU-2026:11247-1: moderate: libredwg-devel-0.14.8413-1.1 on GA media


# libredwg-devel-0.14.8413-1.1 on GA media

Announcement ID: openSUSE-SU-2026:11247-1
Rating: moderate

Cross-References:

* CVE-2026-15181
* CVE-2026-15184
* CVE-2026-9529

Affected Products:

* openSUSE Tumbleweed

An update that solves 3 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the libredwg-devel-0.14.8413-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libredwg-devel 0.14.8413-1.1
* libredwg-tools 0.14.8413-1.1
* libredwg0 0.14.8413-1.1

## References:

* https://www.suse.com/security/cve/CVE-2026-15181.html
* https://www.suse.com/security/cve/CVE-2026-15184.html
* https://www.suse.com/security/cve/CVE-2026-9529.html



SUSE-SU-2026:2874-1: moderate: Security update for sccache


# Security update for sccache

Announcement ID: SUSE-SU-2026:2874-1
Release Date: 2026-07-13T09:11:08Z
Rating: moderate
References:

* bsc#1270206

Cross-References:

* CVE-2026-41676

CVSS scores:

* CVE-2026-41676 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41676 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-41676 ( NVD ): 7.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41676 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for sccache fixes the following issue

* CVE-2026-41676: openssl: `Deriver:derive` and `PkeyCtxRef:derive` can
overflow short buffers on OpenSSL 1.1.1 (bsc#1270206).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2874=1

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* sccache-0.4.2~4-150400.3.12.1
* sccache-debuginfo-0.4.2~4-150400.3.12.1
* sccache-debugsource-0.4.2~4-150400.3.12.1

## References:

* https://www.suse.com/security/cve/CVE-2026-41676.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270206



SUSE-SU-2026:2875-1: important: Security update for python-Pillow


# Security update for python-Pillow

Announcement ID: SUSE-SU-2026:2875-1
Release Date: 2026-07-13T09:12:44Z
Rating: important
References:

* bsc#1270409
* bsc#1270410
* bsc#1270411
* bsc#1270412

Cross-References:

* CVE-2026-54059
* CVE-2026-54060
* CVE-2026-55379
* CVE-2026-55380

CVSS scores:

* CVE-2026-54059 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-54059 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-54060 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-54060 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-55379 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-55379 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-55380 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-55380 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Desktop 15 SP7
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* SUSE Package Hub 15 15-SP7

An update that solves four vulnerabilities can now be installed.

## Description:

This update for python-Pillow fixes the following issues

* CVE-2026-54059: crafted PCF font data can cause excessive memory allocation
(bsc#1270409).
* CVE-2026-54060: a font can trigger excessive allocation during conversion or
saving (bsc#1270410).
* CVE-2026-55379: bypass of decompression bomb protection, allowing excessive
memory allocation (bsc#1270411).
* CVE-2026-55380: crafted .gd file can trigger excessive C-heap allocation
when loaded (bsc#1270412).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-2875=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2875=1

## Package List:

* SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
* python-Pillow-debuginfo-7.2.0-150300.3.27.1
* python3-Pillow-debuginfo-7.2.0-150300.3.27.1
* python-Pillow-debugsource-7.2.0-150300.3.27.1
* python3-Pillow-7.2.0-150300.3.27.1
* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)
* python-Pillow-debuginfo-7.2.0-150300.3.27.1
* python3-Pillow-tk-debuginfo-7.2.0-150300.3.27.1
* python3-Pillow-debuginfo-7.2.0-150300.3.27.1
* python3-Pillow-7.2.0-150300.3.27.1
* python3-Pillow-tk-7.2.0-150300.3.27.1
* python-Pillow-debugsource-7.2.0-150300.3.27.1

## References:

* https://www.suse.com/security/cve/CVE-2026-54059.html
* https://www.suse.com/security/cve/CVE-2026-54060.html
* https://www.suse.com/security/cve/CVE-2026-55379.html
* https://www.suse.com/security/cve/CVE-2026-55380.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270409
* https://bugzilla.suse.com/show_bug.cgi?id=1270410
* https://bugzilla.suse.com/show_bug.cgi?id=1270411
* https://bugzilla.suse.com/show_bug.cgi?id=1270412



SUSE-SU-2026:2880-1: moderate: Security update for php8


# Security update for php8

Announcement ID: SUSE-SU-2026:2880-1
Release Date: 2026-07-13T09:39:59Z
Rating: moderate
References:

* bsc#1270351

Cross-References:

* CVE-2026-14355

CVSS scores:

* CVE-2026-14355 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-14355 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2026-14355 ( NVD ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-14355 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* openSUSE Leap 15.4

An update that solves one vulnerability can now be installed.

## Description:

This update for php8 fixes the following issue

* CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL
extension contains a buffer allocation flaw (bsc#1270351).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2880=1

## Package List:

* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* php8-bcmath-debuginfo-8.0.30-150400.4.68.1
* php8-zip-debuginfo-8.0.30-150400.4.68.1
* php8-mysql-8.0.30-150400.4.68.1
* php8-pcntl-8.0.30-150400.4.68.1
* php8-bcmath-8.0.30-150400.4.68.1
* php8-embed-debuginfo-8.0.30-150400.4.68.1
* apache2-mod_php8-8.0.30-150400.4.68.1
* php8-openssl-debuginfo-8.0.30-150400.4.68.1
* php8-opcache-debuginfo-8.0.30-150400.4.68.1
* php8-sockets-debuginfo-8.0.30-150400.4.68.1
* php8-fileinfo-8.0.30-150400.4.68.1
* php8-phar-8.0.30-150400.4.68.1
* php8-ctype-debuginfo-8.0.30-150400.4.68.1
* php8-ftp-debuginfo-8.0.30-150400.4.68.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.68.1
* php8-fpm-debuginfo-8.0.30-150400.4.68.1
* php8-bz2-debuginfo-8.0.30-150400.4.68.1
* php8-readline-debuginfo-8.0.30-150400.4.68.1
* php8-tidy-8.0.30-150400.4.68.1
* php8-phar-debuginfo-8.0.30-150400.4.68.1
* php8-calendar-8.0.30-150400.4.68.1
* php8-gettext-debuginfo-8.0.30-150400.4.68.1
* php8-xsl-8.0.30-150400.4.68.1
* php8-fastcgi-debugsource-8.0.30-150400.4.68.1
* php8-gmp-debuginfo-8.0.30-150400.4.68.1
* php8-shmop-debuginfo-8.0.30-150400.4.68.1
* php8-posix-debuginfo-8.0.30-150400.4.68.1
* php8-readline-8.0.30-150400.4.68.1
* php8-bz2-8.0.30-150400.4.68.1
* php8-debuginfo-8.0.30-150400.4.68.1
* php8-sysvmsg-debuginfo-8.0.30-150400.4.68.1
* php8-sysvshm-8.0.30-150400.4.68.1
* php8-zip-8.0.30-150400.4.68.1
* php8-pcntl-debuginfo-8.0.30-150400.4.68.1
* php8-enchant-debuginfo-8.0.30-150400.4.68.1
* php8-opcache-8.0.30-150400.4.68.1
* php8-test-8.0.30-150400.4.68.1
* php8-ldap-8.0.30-150400.4.68.1
* php8-tokenizer-8.0.30-150400.4.68.1
* php8-pdo-debuginfo-8.0.30-150400.4.68.1
* php8-sodium-debuginfo-8.0.30-150400.4.68.1
* php8-curl-debuginfo-8.0.30-150400.4.68.1
* php8-devel-8.0.30-150400.4.68.1
* php8-sqlite-debuginfo-8.0.30-150400.4.68.1
* apache2-mod_php8-debuginfo-8.0.30-150400.4.68.1
* php8-dba-8.0.30-150400.4.68.1
* php8-sockets-8.0.30-150400.4.68.1
* php8-calendar-debuginfo-8.0.30-150400.4.68.1
* php8-sysvsem-8.0.30-150400.4.68.1
* php8-xmlreader-debuginfo-8.0.30-150400.4.68.1
* php8-xmlwriter-debuginfo-8.0.30-150400.4.68.1
* php8-gd-debuginfo-8.0.30-150400.4.68.1
* php8-ftp-8.0.30-150400.4.68.1
* php8-enchant-8.0.30-150400.4.68.1
* php8-odbc-8.0.30-150400.4.68.1
* php8-pgsql-8.0.30-150400.4.68.1
* php8-soap-8.0.30-150400.4.68.1
* php8-dba-debuginfo-8.0.30-150400.4.68.1
* php8-gettext-8.0.30-150400.4.68.1
* php8-ctype-8.0.30-150400.4.68.1
* php8-snmp-8.0.30-150400.4.68.1
* php8-dom-debuginfo-8.0.30-150400.4.68.1
* php8-tidy-debuginfo-8.0.30-150400.4.68.1
* php8-tokenizer-debuginfo-8.0.30-150400.4.68.1
* php8-snmp-debuginfo-8.0.30-150400.4.68.1
* php8-dom-8.0.30-150400.4.68.1
* php8-xmlwriter-8.0.30-150400.4.68.1
* apache2-mod_php8-debugsource-8.0.30-150400.4.68.1
* php8-sysvsem-debuginfo-8.0.30-150400.4.68.1
* php8-xmlreader-8.0.30-150400.4.68.1
* php8-fastcgi-debuginfo-8.0.30-150400.4.68.1
* php8-pgsql-debuginfo-8.0.30-150400.4.68.1
* php8-sysvmsg-8.0.30-150400.4.68.1
* php8-xsl-debuginfo-8.0.30-150400.4.68.1
* php8-openssl-8.0.30-150400.4.68.1
* php8-fastcgi-8.0.30-150400.4.68.1
* php8-shmop-8.0.30-150400.4.68.1
* php8-8.0.30-150400.4.68.1
* php8-fpm-debugsource-8.0.30-150400.4.68.1
* php8-debugsource-8.0.30-150400.4.68.1
* php8-exif-8.0.30-150400.4.68.1
* php8-iconv-debuginfo-8.0.30-150400.4.68.1
* php8-odbc-debuginfo-8.0.30-150400.4.68.1
* php8-sqlite-8.0.30-150400.4.68.1
* php8-zlib-8.0.30-150400.4.68.1
* php8-sysvshm-debuginfo-8.0.30-150400.4.68.1
* php8-fpm-8.0.30-150400.4.68.1
* php8-sodium-8.0.30-150400.4.68.1
* php8-embed-8.0.30-150400.4.68.1
* php8-soap-debuginfo-8.0.30-150400.4.68.1
* php8-embed-debugsource-8.0.30-150400.4.68.1
* php8-exif-debuginfo-8.0.30-150400.4.68.1
* php8-mysql-debuginfo-8.0.30-150400.4.68.1
* php8-intl-debuginfo-8.0.30-150400.4.68.1
* php8-cli-8.0.30-150400.4.68.1
* php8-iconv-8.0.30-150400.4.68.1
* php8-ldap-debuginfo-8.0.30-150400.4.68.1
* php8-curl-8.0.30-150400.4.68.1
* php8-intl-8.0.30-150400.4.68.1
* php8-posix-8.0.30-150400.4.68.1
* php8-gmp-8.0.30-150400.4.68.1
* php8-gd-8.0.30-150400.4.68.1
* php8-mbstring-8.0.30-150400.4.68.1
* php8-zlib-debuginfo-8.0.30-150400.4.68.1
* php8-cli-debuginfo-8.0.30-150400.4.68.1
* php8-pdo-8.0.30-150400.4.68.1
* php8-mbstring-debuginfo-8.0.30-150400.4.68.1

## References:

* https://www.suse.com/security/cve/CVE-2026-14355.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270351



SUSE-SU-2026:2885-1: moderate: Security update for alsa


# Security update for alsa

Announcement ID: SUSE-SU-2026:2885-1
Release Date: 2026-07-13T10:02:46Z
Rating: moderate
References:

* bsc#1268853

Cross-References:

* CVE-2026-56109

CVSS scores:

* CVE-2026-56109 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-56109 ( NVD ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-56109 ( NVD ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for alsa fixes the following issue

* CVE-2026-56109: crafted ALSA configuration text with nested blocks can cause
a double-free and memory corruption (bsc#1268853).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2885=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2885=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2885=1

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2885=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2885=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libasound2-1.2.6.1-150400.3.3.1
* alsa-debugsource-1.2.6.1-150400.3.3.1
* libasound2-debuginfo-1.2.6.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libasound2-1.2.6.1-150400.3.3.1
* alsa-debugsource-1.2.6.1-150400.3.3.1
* libasound2-debuginfo-1.2.6.1-150400.3.3.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* alsa-debugsource-1.2.6.1-150400.3.3.1
* libasound2-1.2.6.1-150400.3.3.1
* libasound2-debuginfo-1.2.6.1-150400.3.3.1
* alsa-1.2.6.1-150400.3.3.1
* alsa-devel-1.2.6.1-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
* libasound2-32bit-debuginfo-1.2.6.1-150400.3.3.1
* libatopology2-32bit-debuginfo-1.2.6.1-150400.3.3.1
* alsa-topology-devel-32bit-1.2.6.1-150400.3.3.1
* alsa-devel-32bit-1.2.6.1-150400.3.3.1
* libatopology2-32bit-1.2.6.1-150400.3.3.1
* libasound2-32bit-1.2.6.1-150400.3.3.1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le x86_64)
* libatopology2-debuginfo-1.2.6.1-150400.3.3.1
* alsa-topology-devel-1.2.6.1-150400.3.3.1
* libatopology2-1.2.6.1-150400.3.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libasound2-64bit-1.2.6.1-150400.3.3.1
* libatopology2-64bit-1.2.6.1-150400.3.3.1
* libatopology2-64bit-debuginfo-1.2.6.1-150400.3.3.1
* alsa-devel-64bit-1.2.6.1-150400.3.3.1
* alsa-topology-devel-64bit-1.2.6.1-150400.3.3.1
* libasound2-64bit-debuginfo-1.2.6.1-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
* alsa-docs-1.2.6.1-150400.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* alsa-debugsource-1.2.6.1-150400.3.3.1
* libasound2-1.2.6.1-150400.3.3.1
* libasound2-debuginfo-1.2.6.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* alsa-debugsource-1.2.6.1-150400.3.3.1
* libasound2-1.2.6.1-150400.3.3.1
* libasound2-debuginfo-1.2.6.1-150400.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2026-56109.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268853



SUSE-SU-2026:2886-1: moderate: Security update for libslirp


# Security update for libslirp

Announcement ID: SUSE-SU-2026:2886-1
Release Date: 2026-07-13T10:09:11Z
Rating: moderate
References:

* bsc#1268903

Cross-References:

* CVE-2026-9539

CVSS scores:

* CVE-2026-9539 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
* CVE-2026-9539 ( NVD ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.3
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves one vulnerability can now be installed.

## Description:

This update for libslirp fixes the following issues:

* CVE-2026-9539: crafted TCP segment with manipulated URG flags and urgent
pointers can cause an integer underflow and host-heap memory leak
(bsc#1268903).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1

* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2886=1

* openSUSE Leap 15.3
zypper in -t patch SUSE-2026-2886=1

* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1

* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2886=1

## Package List:

* openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)
* libslirp-debugsource-4.7.0+44-150300.18.1
* libslirp-devel-4.7.0+44-150300.18.1
* libslirp0-4.7.0+44-150300.18.1
* libslirp0-debuginfo-4.7.0+44-150300.18.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libslirp-debugsource-4.7.0+44-150300.18.1
* libslirp0-4.7.0+44-150300.18.1
* libslirp0-debuginfo-4.7.0+44-150300.18.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libslirp-debugsource-4.7.0+44-150300.18.1
* libslirp0-4.7.0+44-150300.18.1
* libslirp0-debuginfo-4.7.0+44-150300.18.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libslirp0-debuginfo-4.7.0+44-150300.18.1
* libslirp0-4.7.0+44-150300.18.1
* libslirp-debugsource-4.7.0+44-150300.18.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libslirp0-debuginfo-4.7.0+44-150300.18.1
* libslirp0-4.7.0+44-150300.18.1
* libslirp-debugsource-4.7.0+44-150300.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-9539.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268903



SUSE-SU-2026:2890-1: important: Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 34 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:2890-1
Release Date: 2026-07-13T10:20:38Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 23 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.133 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2890=1 SUSE-SLE-
Module-Live-Patching-15-SP5-2026-2872=1 SUSE-SLE-Module-Live-
Patching-15-SP5-2026-2873=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2872=1 SUSE-2026-2873=1 SUSE-2026-2890=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-13-150500.2.2
* kernel-livepatch-5_14_21-150500_55_130-default-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-13-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_33-debugsource-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_124-default-13-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_133-default-10-150500.2.2
* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP5_Update_31-debugsource-13-150500.2.2
* kernel-livepatch-5_14_21-150500_55_130-default-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_133-default-debuginfo-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_124-default-debuginfo-13-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_33-debugsource-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_124-default-13-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_34-debugsource-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_133-default-10-150500.2.2
* kernel-livepatch-5_14_21-150500_55_130-default-debuginfo-10-150500.2.2

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023



SUSE-SU-2026:2888-1: important: Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2888-1
Release Date: 2026-07-13T10:19:55Z
Rating: important
References:

* bsc#1260524
* bsc#1262759
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023

Cross-References:

* CVE-2026-23393
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943

CVSS scores:

* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 20 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.209 fixes
various security issues

The following security issues were fixed:

* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2888=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2888=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_209-default-debuginfo-4-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_52-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_209-default-4-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_52-debugsource-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_209-default-debuginfo-4-150400.2.1
* kernel-livepatch-5_14_21-150400_24_209-default-4-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023



SUSE-SU-2026:2889-1: important: Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 44 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2889-1
Release Date: 2026-07-13T10:20:19Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 21 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.176 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2889=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2889=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-16-150400.2.1
* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP4_Update_44-debugsource-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-debuginfo-16-150400.2.1
* kernel-livepatch-5_14_21-150400_24_176-default-16-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023



SUSE-SU-2026:2894-1: important: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise 15 SP6)


# Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise
15 SP6)

Announcement ID: SUSE-SU-2026:2894-1
Release Date: 2026-07-13T12:12:16Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264567
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
* bsc#1269495

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43120
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
* CVE-2026-53362

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43120 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.81 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr
(bsc#1264567).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
* CVE-2026-53362: ipv6: account for fraggap on the paged allocation path
(bsc#1269495).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2894=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2896=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2026-2897=1

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2894=1 SUSE-2026-2896=1 SUSE-2026-2897=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_53-default-20-150600.2.2
* kernel-livepatch-6_4_0-150600_23_81-default-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_70-default-14-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-14-150600.2.2
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-14-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-20-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-20-150600.2.2
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150600_23_53-default-20-150600.2.2
* kernel-livepatch-6_4_0-150600_23_81-default-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_81-default-debuginfo-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_70-default-14-150600.2.2
* kernel-livepatch-6_4_0-150600_23_70-default-debuginfo-14-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_18-debugsource-9-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_15-debugsource-14-150600.2.2
* kernel-livepatch-6_4_0-150600_23_53-default-debuginfo-20-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_12-debugsource-20-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43120.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264567
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
* https://bugzilla.suse.com/show_bug.cgi?id=1269495



SUSE-SU-2026:2902-1: important: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise 15 SP7)


# Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise
15 SP7)

Announcement ID: SUSE-SU-2026:2902-1
Release Date: 2026-07-13T15:45:10Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264567
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023
* bsc#1269495

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43120
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943
* CVE-2026-53362

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43120 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-53362 ( SUSE ): 9.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
* CVE-2026-53362 ( SUSE ): 8.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Live Patching 15-SP6
* SUSE Linux Enterprise Live Patching 15-SP7
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Real Time 15 SP7
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves 25 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.28 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43120: RDMA/irdma: Fix double free related to rereg_user_mr
(bsc#1264567).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).
* CVE-2026-53362: ipv6: account for fraggap on the paged allocation path
(bsc#1269495).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-2911=1 SUSE-2026-2913=1 SUSE-2026-2912=1
SUSE-2026-2917=1 SUSE-2026-2908=1

* SUSE Linux Enterprise Live Patching 15-SP7
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP7-2026-2916=1 SUSE-SLE-
Module-Live-Patching-15-SP7-2026-2915=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2902=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2906=1
SUSE-SLE-Module-Live-Patching-15-SP7-2026-2904=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2898=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2903=1
SUSE-SLE-Module-Live-Patching-15-SP7-2026-2905=1 SUSE-SLE-Module-Live-
Patching-15-SP7-2026-2901=1 SUSE-SLE-Module-Live-Patching-15-SP7-2026-2907=1

* SUSE Linux Enterprise Live Patching 15-SP6
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-2908=1 SUSE-SLE-
Module-Live-Patching-15-SP6-2026-2911=1 SUSE-SLE-Module-Live-
Patching-15-SP6-2026-2913=1 SUSE-SLE-Module-Live-Patching-15-SP6-2026-2912=1
SUSE-SLE-Module-Live-Patching-15-SP6-2026-2917=1

## Package List:

* SUSE Linux Enterprise Live Patching 15-SP7 (x86_64)
* kernel-livepatch-6_4_0-150700_7_22-rt-10-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_2-debugsource-18-150700.2.1
* kernel-livepatch-6_4_0-150700_7_13-rt-14-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_1-debugsource-19-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_5-debugsource-11-150700.2.1
* kernel-livepatch-6_4_0-150700_5-rt-19-150700.3.1
* kernel-livepatch-6_4_0-150700_7_25-rt-debuginfo-9-150700.2.1
* kernel-livepatch-6_4_0-150700_7_22-rt-debuginfo-10-150700.2.1
* kernel-livepatch-6_4_0-150700_7_19-rt-debuginfo-11-150700.2.1
* kernel-livepatch-6_4_0-150700_7_8-rt-18-150700.2.1
* kernel-livepatch-6_4_0-150700_5-rt-debuginfo-19-150700.3.1
* kernel-livepatch-SLE15-SP7-RT_Update_3-debugsource-14-150700.2.1
* kernel-livepatch-6_4_0-150700_7_16-rt-debuginfo-14-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_0-debugsource-19-150700.3.1
* kernel-livepatch-SLE15-SP7-RT_Update_4-debugsource-14-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_6-debugsource-10-150700.2.1
* kernel-livepatch-6_4_0-150700_7_13-rt-debuginfo-14-150700.2.1
* kernel-livepatch-6_4_0-150700_7_8-rt-debuginfo-18-150700.2.1
* kernel-livepatch-6_4_0-150700_7_25-rt-9-150700.2.1
* kernel-livepatch-SLE15-SP7-RT_Update_7-debugsource-9-150700.2.1
* kernel-livepatch-6_4_0-150700_7_16-rt-14-150700.2.1
* kernel-livepatch-6_4_0-150700_7_3-rt-debuginfo-19-150700.2.1
* kernel-livepatch-6_4_0-150700_7_19-rt-11-150700.2.1
* kernel-livepatch-6_4_0-150700_7_3-rt-19-150700.2.1
* SUSE Linux Enterprise Live Patching 15-SP7 (ppc64le s390x x86_64)
* kernel-livepatch-6_4_0-150700_53_28-default-debuginfo-9-150700.2.2
* kernel-livepatch-SLE15-SP7_Update_8-debugsource-9-150700.2.2
* kernel-livepatch-6_4_0-150700_53_25-default-9-150700.2.2
* kernel-livepatch-SLE15-SP7_Update_7-debugsource-9-150700.2.2
* kernel-livepatch-6_4_0-150700_53_25-default-debuginfo-9-150700.2.2
* kernel-livepatch-6_4_0-150700_53_28-default-9-150700.2.2
* openSUSE Leap 15.6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-14-150600.2.2
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-11-150600.2.2
* kernel-livepatch-6_4_0-150600_23_73-default-11-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-11-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-14-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-18-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_65-default-14-150600.2.2
* kernel-livepatch-6_4_0-150600_23_78-default-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-18-150600.2.2
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_84-default-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_60-default-18-150600.2.2
* SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
* kernel-livepatch-SLE15-SP6_Update_17-debugsource-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_65-default-debuginfo-14-150600.2.2
* kernel-livepatch-6_4_0-150600_23_78-default-debuginfo-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_73-default-debuginfo-11-150600.2.2
* kernel-livepatch-6_4_0-150600_23_73-default-11-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_16-debugsource-11-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_14-debugsource-14-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_19-debugsource-9-150600.2.2
* kernel-livepatch-SLE15-SP6_Update_13-debugsource-18-150600.2.2
* kernel-livepatch-6_4_0-150600_23_65-default-14-150600.2.2
* kernel-livepatch-6_4_0-150600_23_78-default-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_60-default-debuginfo-18-150600.2.2
* kernel-livepatch-6_4_0-150600_23_84-default-debuginfo-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_84-default-9-150600.2.2
* kernel-livepatch-6_4_0-150600_23_60-default-18-150600.2.2

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43120.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://www.suse.com/security/cve/CVE-2026-53362.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264567
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023
* https://bugzilla.suse.com/show_bug.cgi?id=1269495



SUSE-SU-2026:2899-1: important: Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise 15 SP5)


# Security update for the Linux Kernel (Live Patch 27 for SUSE Linux Enterprise
15 SP5)

Announcement ID: SUSE-SU-2026:2899-1
Release Date: 2026-07-13T12:33:59Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263094
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265117
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31505
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43366
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31505 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31505 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43366 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43366 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43366 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Live Patching 15-SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves 23 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.110 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(bsc#1263094).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy
on recycle (bsc#1265117).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP5
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP5-2026-2899=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2899=1

## Package List:

* openSUSE Leap 15.5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-21-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-21-150500.2.2
* kernel-livepatch-5_14_21-150500_55_110-default-21-150500.2.2
* SUSE Linux Enterprise Live Patching 15-SP5 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150500_55_110-default-debuginfo-21-150500.2.2
* kernel-livepatch-SLE15-SP5_Update_27-debugsource-21-150500.2.2
* kernel-livepatch-5_14_21-150500_55_110-default-21-150500.2.2

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31505.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43366.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263094
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265117
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023



SUSE-SU-2026:2910-1: important: Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise 15 SP4)


# Security update for the Linux Kernel (Live Patch 47 for SUSE Linux Enterprise
15 SP4)

Announcement ID: SUSE-SU-2026:2910-1
Release Date: 2026-07-13T14:17:06Z
Rating: important
References:

* bsc#1256615
* bsc#1260524
* bsc#1262759
* bsc#1263118
* bsc#1263177
* bsc#1263670
* bsc#1264094
* bsc#1264252
* bsc#1264253
* bsc#1264849
* bsc#1265127
* bsc#1265197
* bsc#1265945
* bsc#1266015
* bsc#1266265
* bsc#1267206
* bsc#1267698
* bsc#1267723
* bsc#1267893
* bsc#1268662
* bsc#1269023

Cross-References:

* CVE-2025-71089
* CVE-2026-23393
* CVE-2026-31533
* CVE-2026-31570
* CVE-2026-31586
* CVE-2026-31685
* CVE-2026-31758
* CVE-2026-43025
* CVE-2026-43027
* CVE-2026-43037
* CVE-2026-43190
* CVE-2026-43437
* CVE-2026-43494
* CVE-2026-43501
* CVE-2026-45970
* CVE-2026-46120
* CVE-2026-46173
* CVE-2026-46227
* CVE-2026-46243
* CVE-2026-52909
* CVE-2026-52943

CVSS scores:

* CVE-2025-71089 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-71089 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2025-71089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31533 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31533 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:H/SI:N/SA:N
* CVE-2026-31570 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31570 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31586 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31685 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31685 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-31685 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-31758 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43025 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
* CVE-2026-43027 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43027 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( SUSE ): 7.7
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43037 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43190 ( SUSE ): 8.8
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43190 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43190 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-43437 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43437 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43437 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43494 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43494 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-43501 ( NVD ): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46120 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2026-46120 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46173 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46173 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46227 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46227 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52909 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52909 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2026-52909 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-52943 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-52943 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise Live Patching 15-SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP4

An update that solves 21 vulnerabilities can now be installed.

## Description:

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.187 fixes
various security issues

The following security issues were fixed:

* CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256615).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260524).
* CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (bsc#1262759).
* CVE-2026-31570: can: gw: fix OOB heap access in cgw_csum_crc8_rel()
(bsc#1263118).
* CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263177).
* CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all
packets (bsc#1263670).
* CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release
(bsc#1264094).
* CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new
expectations (bsc#1264253).
* CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect
cleanup (bsc#1264252).
* CVE-2026-43037: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (bsc#1265197).
* CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading
optlen (bsc#1264849).
* CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (bsc#1265127).
* CVE-2026-43494: RDS zerocopy attack aka PinTheft (bsc#1265945).
* CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH
grows (bsc#1266015).
* CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down
(bsc#1267206).
* CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink()
(bsc#1267893).
* CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task
(bsc#1267723).
* CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in
SCTP_SENDALL (bsc#1267698).
* CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions
(CIFSwitch) (bsc#1266265).
* CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device
(bsc#1268662).
* CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve
helpers (bsc#1269023).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-2910=1 SUSE-SLE-
Module-Live-Patching-15-SP4-2026-2900=1

* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2910=1 SUSE-2026-2900=1

## Package List:

* openSUSE Leap 15.4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_187-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-10-150400.2.1
* SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
* kernel-livepatch-5_14_21-150400_24_187-default-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_187-default-debuginfo-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_46-debugsource-10-150400.2.1
* kernel-livepatch-5_14_21-150400_24_184-default-debuginfo-10-150400.2.1
* kernel-livepatch-SLE15-SP4_Update_47-debugsource-10-150400.2.1

## References:

* https://www.suse.com/security/cve/CVE-2025-71089.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-31533.html
* https://www.suse.com/security/cve/CVE-2026-31570.html
* https://www.suse.com/security/cve/CVE-2026-31586.html
* https://www.suse.com/security/cve/CVE-2026-31685.html
* https://www.suse.com/security/cve/CVE-2026-31758.html
* https://www.suse.com/security/cve/CVE-2026-43025.html
* https://www.suse.com/security/cve/CVE-2026-43027.html
* https://www.suse.com/security/cve/CVE-2026-43037.html
* https://www.suse.com/security/cve/CVE-2026-43190.html
* https://www.suse.com/security/cve/CVE-2026-43437.html
* https://www.suse.com/security/cve/CVE-2026-43494.html
* https://www.suse.com/security/cve/CVE-2026-43501.html
* https://www.suse.com/security/cve/CVE-2026-45970.html
* https://www.suse.com/security/cve/CVE-2026-46120.html
* https://www.suse.com/security/cve/CVE-2026-46173.html
* https://www.suse.com/security/cve/CVE-2026-46227.html
* https://www.suse.com/security/cve/CVE-2026-46243.html
* https://www.suse.com/security/cve/CVE-2026-52909.html
* https://www.suse.com/security/cve/CVE-2026-52943.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256615
* https://bugzilla.suse.com/show_bug.cgi?id=1260524
* https://bugzilla.suse.com/show_bug.cgi?id=1262759
* https://bugzilla.suse.com/show_bug.cgi?id=1263118
* https://bugzilla.suse.com/show_bug.cgi?id=1263177
* https://bugzilla.suse.com/show_bug.cgi?id=1263670
* https://bugzilla.suse.com/show_bug.cgi?id=1264094
* https://bugzilla.suse.com/show_bug.cgi?id=1264252
* https://bugzilla.suse.com/show_bug.cgi?id=1264253
* https://bugzilla.suse.com/show_bug.cgi?id=1264849
* https://bugzilla.suse.com/show_bug.cgi?id=1265127
* https://bugzilla.suse.com/show_bug.cgi?id=1265197
* https://bugzilla.suse.com/show_bug.cgi?id=1265945
* https://bugzilla.suse.com/show_bug.cgi?id=1266015
* https://bugzilla.suse.com/show_bug.cgi?id=1266265
* https://bugzilla.suse.com/show_bug.cgi?id=1267206
* https://bugzilla.suse.com/show_bug.cgi?id=1267698
* https://bugzilla.suse.com/show_bug.cgi?id=1267723
* https://bugzilla.suse.com/show_bug.cgi?id=1267893
* https://bugzilla.suse.com/show_bug.cgi?id=1268662
* https://bugzilla.suse.com/show_bug.cgi?id=1269023