SUSE-SU-2026:2068-1

Source
https://www.suse.com/support/update/announcement/2026/suse-su-20262068-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:2068-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:2068-1
Upstream
  • CVE-2023-20585
Related
Published
2026-05-26T07:29:48Z
Modified
2026-05-27T08:16:17.767716825Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues.

The following security issues were fixed:

  • CVE-2022-50053: iavf: Fix reset error handling (bsc#1245038).
  • CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603).
  • CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500 bsc#1262778).
  • CVE-2025-68185: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (bsc#1255135).
  • CVE-2025-71118: ACPICA: Avoid walking the Namespace if start_node is NULL (bsc#1256763).
  • CVE-2025-71238: scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1259186).
  • CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
  • CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
  • CVE-2026-23276: net: add xmit recursion limit to tunnel xmit functions (bsc#1260012).
  • CVE-2026-23290: net: usb: pegasus: validate USB endpoints (bsc#1260533).
  • CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
  • CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
  • CVE-2026-23312: net: usb: kaweth: validate USB endpoints (bsc#1260561).
  • CVE-2026-23340: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (bsc#1260523).
  • CVE-2026-23378: act_ife: load meta modules before tcf_idr_check_alloc() (bsc#1260546).
  • CVE-2026-23391: netfilter: xt_CT: drop pending enqueued packets on template removal (bsc#1260566).
  • CVE-2026-23442: ipv6: add NULL checks for idev in SRv6 paths (bsc#1261581).
  • CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit (bsc#1261779).
  • CVE-2026-23455: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (bsc#1261687).
  • CVE-2026-23456: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (bsc#1261703).
  • CVE-2026-23457: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (bsc#1261686).
  • CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (bsc#1261781).
  • CVE-2026-23461: Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (bsc#1261707).
  • CVE-2026-23462: Bluetooth: HIDP: Fix possible UAF (bsc#1261710).
  • CVE-2026-23468: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion (bsc#1261692).
  • CVE-2026-23472: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (bsc#1261636).
  • CVE-2026-31393: Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (bsc#1261719).
  • CVE-2026-31400: sunrpc: fix cache_request leak in cache_release (bsc#1261645).
  • CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261638).
  • CVE-2026-31403: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (bsc#1261796).
  • CVE-2026-31407: netfilter: conntrack: add missing netlink policy validations (bsc#1261632).
  • CVE-2026-31408: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (bsc#1261797).
  • CVE-2026-31411: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (bsc#1261752).
  • CVE-2026-31416: netfilter: nfnetlink_log: account for netlink header size (bsc#1262100).
  • CVE-2026-31422: net/sched: cls_flow: fix NULL pointer dereference on shared blocks (bsc#1262054).
  • CVE-2026-31423: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (bsc#1262063).
  • CVE-2026-31424: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (bsc#1262053).
  • CVE-2026-31425: rds: ib: reject FRMR registration before IB connection is established (bsc#1262074).
  • CVE-2026-31427: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (bsc#1262086).
  • CVE-2026-31428: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (bsc#1262087).
  • CVE-2026-31496: netfilter: nf_conntrack_expect: skip expectations in other netns via proc (bsc#1262673).
  • CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263085).
  • CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (bsc#1263095).
  • CVE-2026-31512: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (bsc#1262734).
  • CVE-2026-31524: HID: asus: avoid memory leak in asus_report_fixup() (bsc#1262605).
  • CVE-2026-31602: ALSA: ctxfi: Limit PTP to a single page (bsc#1263723).
  • CVE-2026-31607: usbip: validate number_of_packets in usbip_pack_ret_submit() (bsc#1263600).
  • CVE-2026-31649: net: stmmac: fix integer underflow in chain mode (bsc#1263582).
  • CVE-2026-31667: Input: uinput - fix circular locking dependency with ff-core (bsc#1263139).
  • CVE-2026-31675: net/sched: sch_netem: fix out-of-bounds access in packet corruption (bsc#1263556).
  • CVE-2026-31681: netfilter: xt_multiport: validate range encoding in checkentry (bsc#1263593).
  • CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263668).
  • CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (bsc#1263882).
  • CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create (bsc#1264059).
  • CVE-2026-31787: xen/privcmd: fix double free via VMA splitting (bsc#1262181).
  • CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new expectations (bsc#1263931).
  • CVE-2026-43088: net: af_key: zero aligned sockaddr tail in PF_KEY exports (bsc#1264469).
  • CVE-2026-43110: wifi: brcmfmac: validate bsscfg indices in IF events (bsc#1264482).
  • CVE-2026-43126: ALSA: mixer: oss: Add card disconnect checkpoints (bsc#1264634).
  • CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264848).
  • CVE-2026-43255: wifi: libertas: fix WARNING in usb_tx_block (bsc#1264473).
  • CVE-2026-43264: fbdev: of: display_timing: fix refcount leak in of_get_display_timings() (bsc#1264424).
  • CVE-2026-43334: Bluetooth: SMP: force responder MITM requirements before building the pairing response (bsc#1265090).
  • CVE-2026-43437: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (bsc#1265126).

The following non-security issues were fixed:

  • list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1262778).
  • ocfs2: fix possible deadlock between unlink and dio_end_io_write (bsc#1258718).
  • ocfs2: split transactions in dio completion to avoid credit exhaustion (bsc#1258718).
References

Affected packages