SUSE-SU-2026:0411-1

CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault (bsc#1254785).
CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
CVE-2023-53254: cacheinfo: Fix sharedcpumap to handle shared caches at different levels (bsc#1249871).
CVE-2023-53781: smc: Fix use-after-free in tcpwritetimer_handler() (bsc#1254751).
CVE-2023-54142: gtp: Fix use-after-free in _gtpencap_destroy() (bsc#1256095).
CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
CVE-2024-44987: ipv6: prevent UAF in ip6sendskb() (bsc#1230185).
CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
CVE-2025-38129: pagepool: fix inconsistency for pagepoolringlock() (bsc#1245723).
CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
CVE-2025-40139: net: ipv4: Consolidate ipv4mtu and ipdstmtumaybe_forward (bsc#1253409).
CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer() (bsc#1254842).
CVE-2025-40258: mptcp: fix race condition in mptcpschedulework() (bsc#1254843).
CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
CVE-2025-40280: tipc: Fix use-after-free in tipcmonreinit_self() (bsc#1254847).
CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handleauthsession_key() (bsc#1255377).
CVE-2025-68285: libceph: fix potential use-after-free in havemonandosdmap() (bsc#1255401).
CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2findvictim_chain (bsc#1256582).
CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken in gssreadproxy_verf (bsc#1256779).

The following non security issues were fixed:

x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
x86: make page fault handling disable interrupts properly (git-fixes).

References

Affected packages

SUSE:Linux Enterprise Micro 5.3

kernel-rt

Package

Name: kernel-rt
Purl: pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.21-150400.15.142.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.142.1",
            "kernel-rt": "5.14.21-150400.15.142.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json"

kernel-source-rt

Package

Name: kernel-source-rt
Purl: pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.21-150400.15.142.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.142.1",
            "kernel-rt": "5.14.21-150400.15.142.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json"

SUSE:Linux Enterprise Micro 5.4

kernel-rt

Package

Name: kernel-rt
Purl: pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.21-150400.15.142.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.142.1",
            "kernel-rt": "5.14.21-150400.15.142.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json"

kernel-source-rt

Package

Name: kernel-source-rt
Purl: pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.14.21-150400.15.142.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-source-rt": "5.14.21-150400.15.142.1",
            "kernel-rt": "5.14.21-150400.15.142.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0411-1.json"