SUSE-SU-2026:0411-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-20260411-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:0411-1
Upstream
Related
Published
2026-02-09T14:51:43Z
Modified
2026-02-10T15:00:16.524115Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues

The following security issues were fixed:

  • CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault (bsc#1254785).
  • CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
  • CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
  • CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
  • CVE-2023-53254: cacheinfo: Fix sharedcpumap to handle shared caches at different levels (bsc#1249871).
  • CVE-2023-53781: smc: Fix use-after-free in tcpwritetimer_handler() (bsc#1254751).
  • CVE-2023-54142: gtp: Fix use-after-free in _gtpencap_destroy() (bsc#1256095).
  • CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
  • CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
  • CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
  • CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
  • CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
  • CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
  • CVE-2024-44987: ipv6: prevent UAF in ip6sendskb() (bsc#1230185).
  • CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
  • CVE-2025-38129: pagepool: fix inconsistency for pagepoolringlock() (bsc#1245723).
  • CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
  • CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
  • CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
  • CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
  • CVE-2025-40139: net: ipv4: Consolidate ipv4mtu and ipdstmtumaybe_forward (bsc#1253409).
  • CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
  • CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
  • CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
  • CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer() (bsc#1254842).
  • CVE-2025-40258: mptcp: fix race condition in mptcpschedulework() (bsc#1254843).
  • CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
  • CVE-2025-40280: tipc: Fix use-after-free in tipcmonreinit_self() (bsc#1254847).
  • CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
  • CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
  • CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
  • CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handleauthsession_key() (bsc#1255377).
  • CVE-2025-68285: libceph: fix potential use-after-free in havemonandosdmap() (bsc#1255401).
  • CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
  • CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2findvictim_chain (bsc#1256582).
  • CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
  • CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
  • CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
  • CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken in gssreadproxy_verf (bsc#1256779).

The following non security issues were fixed:

  • x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
  • x86: make page fault handling disable interrupts properly (git-fixes).
References

Affected packages

SUSE:Linux Enterprise Micro 5.3
kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.142.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.142.1",
            "kernel-rt": "5.14.21-150400.15.142.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json"
kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.142.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.142.1",
            "kernel-rt": "5.14.21-150400.15.142.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json"
SUSE:Linux Enterprise Micro 5.4
kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.142.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.142.1",
            "kernel-rt": "5.14.21-150400.15.142.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json"
kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.14.21-150400.15.142.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.142.1",
            "kernel-rt": "5.14.21-150400.15.142.1"
        }
    ]
}

Database specific

source
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json"