SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2026:0293-1)

high Nessus Plugin ID 296680

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0293-1 advisory.

The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328).
- CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
- CVE-2025-39890: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (bsc#1250334).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
- CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
- CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() (bsc#1252824).
- CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).
- CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
- CVE-2025-40081: perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (bsc#1252776).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
- CVE-2025-40134: dm: fix NULL pointer dereference in __dm_suspend() (bsc#1253386).
- CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
- CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
- CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
- CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
- CVE-2025-40170: net: use dst_dev_rcu() in sk_setup_caps() (bsc#1253413).
- CVE-2025-40178: pid: Add a judgment for ns null in pid_nr_ns (bsc#1253463).
- CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).
- CVE-2025-40187: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (bsc#1253647).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).
- CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).

The following non security issues were fixed:

- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (git-fixes).
- ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (git-fixes).
- ALSA: dice: fix buffer overflow in detect_stream_formats() (git-fixes).
- ALSA: firewire-motu: add bounds check in put_user loop for DSP events (git-fixes).
- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (git-fixes).
- ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (git-fixes).
- ALSA: uapi: Fix typo in asound.h comment (git-fixes).
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (stable-fixes).
- ASoC: Intel: catpt: Fix error path in hw_params() (git-fixes).
- ASoC: ak4458: Disable regulator when error happens (git-fixes).
- ASoC: ak5558: Disable regulator when error happens (git-fixes).
- ASoC: codecs: wcd938x: fix OF node leaks on probe failure (git-fixes).
- ASoC: fsl_xcvr: clear the channel status control memory (git-fixes).
- ASoC: qcom: q6adm: the the copp device only during last instance (git-fixes).
- ASoC: qcom: q6asm-dai: perform correct state check before closing (git-fixes).
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment (git-fixes).
- ASoC: stm32: sai: fix OF node leak on probe (git-fixes).
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure (git-fixes).
- ASoC: stm32: sai: fix device leak on probe (git-fixes).
- Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 (git-fixes).
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing (git-fixes).
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (git-fixes).
- Documentation/kernel-parameters: fix typo in retbleed= kernel parameter description (git-fixes).
- Documentation: hid-alps: Fix packet format section headings (git-fixes).
- Documentation: parport-lowlevel: Separate function listing code blocks (git-fixes).
- HID: logitech-dj: Remove duplicate error logging (git-fixes).
- HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (git-fixes).
- Input: cros_ec_keyb - fix an invalid memory access (stable-fixes).
- Input: goodix - add support for ACPI ID GDIX1003 (stable-fixes).
- Input: goodix - add support for ACPI ID GDX9110 (stable-fixes).
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (git-fixes).
- KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes).
- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (git-fixes).
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (git-fixes).
- PCI: keystone: Exit ks_pcie_probe() for invalid mode (git-fixes).
- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (git-fixes).
- Revert 'mtd: rawnand: marvell: fix layouts' (git-fixes).
- USB: Fix descriptor count when handling invalid MBIM extended descriptor (git-fixes).
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: ftdi_sio: add support for u-blox EVK-M101 (stable-fixes).
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (git-fixes).
- USB: serial: option: add Quectel RG255C (stable-fixes).
- USB: serial: option: add Telit FN920C04 ECM compositions (stable-fixes).
- USB: serial: option: add UNISOC UIS7720 (stable-fixes).
- USB: serial: option: add support for Rolling RW101R-GL (stable-fixes).
- USB: storage: Remove subclass and protocol overrides from Novatek quirk (git-fixes).
- arm64: zynqmp: Fix usb node drive strength and slew rate (git-fixes).
- arm64: zynqmp: Revert usb node drive strength and slew rate for (git-fixes).
- atm/fore200e: Fix possible data race in fore200e_open() (git-fixes).
- atm: idt77252: Add missing `dma_map_error()` (stable-fixes).
- backlight: led-bl: Add devlink to supplier LEDs (git-fixes).
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (git-fixes).
- bs-upload-kernel: Fix cve branch uploads.
- btrfs: make sure extent and csum paths are always released in scrub_raid56_parity_stripe() (git-fixes).
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (git-fixes).
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (git-fixes).
- can: sja1000: fix max irq loop handling (git-fixes).
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (git-fixes).
- cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449).
- cifs: after disabling multichannel, mark tcon for reconnect (git-fixes).
- cifs: avoid redundant calls to disable multichannel (git-fixes).
- cifs: cifs_pick_channel should try selecting active channels (git-fixes).
- cifs: deal with the channel loading lag while picking channels (git-fixes).
- cifs: dns resolution is needed only for primary channel (git-fixes).
- cifs: do not disable interface polling on failure (git-fixes).
- cifs: do not search for channel if server is terminating (git-fixes).
- cifs: fix a pending undercount of srv_count (git-fixes).
- cifs: fix lock ordering while disabling multichannel (git-fixes).
- cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes).
- cifs: fix use after free for iface while disabling secondary channels (git-fixes).
- cifs: handle servers that still advertise multichannel after disabling (git-fixes).
- cifs: handle when server starts supporting multichannel (git-fixes).
- cifs: handle when server stops supporting multichannel (git-fixes).
- cifs: make cifs_chan_update_iface() a void function (git-fixes).
- cifs: make sure server interfaces are requested only for SMB3+ (git-fixes).
- cifs: make sure that channel scaling is done only once (git-fixes).
- cifs: reconnect worker should take reference on server struct unconditionally (git-fixes).
- cifs: reset connections for all channels when reconnect requested (git-fixes).
- cifs: reset iface weights when we cannot find a candidate (git-fixes).
- cifs: serialize other channels when query server interfaces is pending (git-fixes).
- cifs: update dstaddr whenever channel iface is updated (git-fixes).
- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (git-fixes).
- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (git-fixes).
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (git-fixes).
- clk: renesas: r9a06g032: Fix memory leak in error path (git-fixes).
- comedi: c6xdigio: Fix invalid PNP driver unregistration (git-fixes).
- comedi: check device's attached status in compat ioctls (git-fixes).
- comedi: multiq3: sanitize config options in multiq3_attach() (git-fixes).
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (git-fixes).
- cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes (git-fixes).
- cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (git-fixes).
- crypto: authenc - Correctly pass EINPROGRESS back up to the caller (git-fixes).
- crypto: ccree - Correctly handle return of sg_nents_for_len (git-fixes).
- crypto: hisilicon/qm - restore original qos values (git-fixes).
- crypto: iaa - Fix incorrect return value in save_iaa_wq() (git-fixes).
- crypto: rockchip - drop redundant crypto_skcipher_ivsize() calls (git-fixes).
- dm-integrity: limit MAX_TAG_SIZE to 255 (git-fixes).
- dm-verity: fix unreliable memory allocation (git-fixes).
- dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386).
- drivers/usb/dwc3: fix PCI parent check (git-fixes).
- drm/amd/display: Check NULL before accessing (stable-fixes).
- drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (git-fixes).
- drm/amd/display: Increase DPCD read retries (stable-fixes).
- drm/amd/display: Move sleep into each retry for retrieve_link_cap() (stable-fixes).
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (stable-fixes).
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (git-fixes).
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (git-fixes).
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (git-fixes).
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (git-fixes).
- drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (git-fixes).
- drm/mgag200: Fix big-endian support (git-fixes).
- drm/msm/a2xx: stop over-complaining about the legacy firmware (git-fixes).
- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (git-fixes).
- drm/msm/a6xx: Flush LRZ cache before PT switch (git-fixes).
- drm/msm/dpu: Remove dead-code in dpu_encoder_helper_reset_mixers() (git-fixes).
- drm/nouveau: restrict the flush page to a 32-bit address (git-fixes).
- drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes).
- drm/vgem-fence: Fix potential deadlock on release (git-fixes).
- drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes).
- drm: sti: fix device leaks at component probe (git-fixes).
- efi/libstub: Describe missing 'out' parameter in efi_load_initrd (git-fixes).
- efi/libstub: Fix page table access in 5-level to 4-level paging transition (git-fixes).
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (git-fixes).
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (git-fixes).
- fbdev: tcx.c fix mem_map to correct smem_start offset (git-fixes).
- firmware: imx: scu-irq: fix OF node leak in (git-fixes).
- firmware: stratix10-svc: Add mutex in stratix10 memory management (git-fixes).
- firmware: stratix10-svc: fix bug in saving controller data (git-fixes).
- firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (git-fixes).
- gpu: host1x: Fix race in syncpt alloc/free (git-fixes).
- hwmon: (max16065) Use local variable to avoid TOCTOU (git-fixes).
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (git-fixes).
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (git-fixes).
- hwmon: sy7636a: Fix regulator_enable resource leak on error path (git-fixes).
- i2c: amd-mp2: fix reference leak in MP2 PCI device (git-fixes).
- i2c: i2c.h: fix a bad kernel-doc line (git-fixes).
- i3c: master: svc: Prevent incomplete IBI transaction (git-fixes).
- iio: accel: bmc150: Fix irq assumption regression (stable-fixes).
- iio: accel: fix ADXL355 startup race condition (git-fixes).
- iio: adc: ad7280a: fix ad7280_store_balance_timer() (git-fixes).
- iio: core: Clean up device correctly on iio_device_alloc() failure (git-fixes).
- iio: core: add missing mutex_destroy in iio_dev_release() (git-fixes).
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (git-fixes).
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (git-fixes).
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation (git-fixes).
- ima: Handle error code returned by ima_filter_rule_match() (git-fixes).
- intel_th: Fix error handling in intel_th_output_open (git-fixes).
- ipmi: Fix handling of messages with provided receive message pointer (git-fixes).
- ipmi: Rework user message limit handling (git-fixes).
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (git-fixes).
- kconfig/mconf: Initialize the default locale at startup (stable-fixes).
- kconfig/nconf: Initialize the default locale at startup (stable-fixes).
- leds: leds-lp50xx: Allow LED 0 to be added to module bank (git-fixes).
- leds: leds-lp50xx: Enable chip before any communication (git-fixes).
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (git-fixes).
- leds: netxbig: Fix GPIO descriptor leak in error paths (git-fixes).
- lib/vsprintf: Check pointer before dereferencing in time_and_date() (git-fixes).
- mailbox: mailbox-test: Fix debugfs_create_dir error checking (git-fixes).
- media: TDA1997x: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (git-fixes).
- media: amphion: Cancel message work before releasing the VPU core (git-fixes).
- media: atomisp: Prefix firmware paths with 'intel/ipu/' (bsc#1252973).
- media: atomisp: Remove firmware_name module parameter (bsc#1252973).
- media: cec: Fix debugfs leak on bus_register() failure (git-fixes).
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (git-fixes).
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (git-fixes).
- media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (git-fixes).
- media: pvrusb2: Fix incorrect variable used in trace message (git-fixes).
- media: rc: st_rc: Fix reset control resource leak (git-fixes).
- media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (git-fixes).
- media: samsung: exynos4-is: fix potential ABBA deadlock on init (git-fixes).
- media: v4l2-mem2mem: Fix outdated documentation (git-fixes).
- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (git-fixes).
- media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (git-fixes).
- media: vidtv: initialize local pointers upon transfer of memory ownership (git-fixes).
- media: vpif_capture: fix section mismatch (git-fixes).
- media: vpif_display: fix section mismatch (git-fixes).
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (git-fixes).
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path (git-fixes).
- mfd: max77620: Fix potential IRQ chip conflict when probing two devices (git-fixes).
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (git-fixes).
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (git-fixes).
- most: usb: fix double free on late probe failure (git-fixes).
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (git-fixes).
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (git-fixes).
- mtd: maps: pcmciamtd: fix potential memory leak in pcmciamtd_detach() (git-fixes).
- mtd: nand: relax ECC parameter validation check (git-fixes).
- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (git-fixes).
- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (git-fixes).
- net: phy: adin1100: Fix software power-down ready condition (git-fixes).
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (git-fixes).
- net: phy: mxl-gpy: fix link properties on USXGMII and internal PHYs (git-fixes).
- nvme: Use non zero KATO for persistent discovery connections (git-fixes).
- orangefs: fix xattr related buffer overflow.. (git-fixes).
- phy: broadcom: bcm63xx-usbh: fix section mismatches (git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (git-fixes).
- pinctrl: stm32: fix hwspinlock resource leak in probe function (git-fixes).
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (git-fixes).
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (git-fixes).
- platform/x86: intel: chtwc_int33fe: don't dereference swnode args (git-fixes).
- platform/x86: intel: punit_ipc: fix memory corruption (git-fixes).
- power: supply: apm_power: only unset own apm_get_power_status (git-fixes).
- power: supply: cw2015: Check devm_delayed_work_autocancel() return code (git-fixes).
- power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (git-fixes).
- power: supply: wm831x: Check wm831x_set_bits() return value (git-fixes).
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (bac#1236022 ltc#211187).
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in EEH event handling (bsc#1253262 ltc#216029).
- pwm: bcm2835: Make sure the channel is enabled after pwm_request() (git-fixes).
- regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (git-fixes).
- regulator: core: disable supply if enabling main regulator fails (git-fixes).
- rpmsg: glink: fix rpmsg device leak (git-fixes).
- rtc: gamecube: Check the return value of ioremap() (git-fixes).
- scripts: teaapi: Add paging.
- scrits: teaapi: Add list_repos.
- scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
- scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
- scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
- scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
- scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
- scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
- scsi: lpfc: Remove redundant NULL ptr assignment in lpfc_els_free_iocb() (bsc#1254119).
- scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
- scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
- scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
- serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (git-fixes).
- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (git-fixes).
- smb3: add missing null server pointer check (git-fixes).
- smb: client: fix cifs_pick_channel when channel needs reconnect (git-fixes).
- smb: client: fix warning when reconnecting channel (git-fixes).
- smb: client: introduce close_cached_dir_locked() (git-fixes).
- soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
- soc: amlogic: canvas: fix device leak on lookup (git-fixes).
- soc: qcom: ocmem: fix device leak on lookup (git-fixes).
- soc: qcom: smem: fix hwspinlock resource leak in probe error paths (git-fixes).
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (git-fixes).
- spi: bcm63xx: drop wrong casts in probe() (git-fixes).
- spi: bcm63xx: fix premature CS deassertion on RX-only transactions (git-fixes).
- spi: tegra210-qspi: Remove cache operations (git-fixes).
- spi: tegra210-quad: Add support for internal DMA (git-fixes).
- spi: tegra210-quad: Check hardware status on timeout (bsc#1253155).
- spi: tegra210-quad: Fix timeout handling (bsc#1253155).
- spi: tegra210-quad: Fix timeout handling (git-fixes).
- spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155).
- spi: tegra210-quad: Update dummy sequence configuration (git-fixes).
- staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (git-fixes).
- thunderbolt: Add support for Intel Wildcat Lake (stable-fixes).
- tracing: Fix access to trace_event_file (bsc#1254373).
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (git-fixes).
- usb: cdns3: Fix double resource release in cdns3_pci_probe (git-fixes).
- usb: chaoskey: fix locking for O_NONBLOCK (git-fixes).
- usb: chipidea: udc: limit usb request length to max 16KB (stable-fixes).
- usb: dwc2: fix hang during suspend if set as peripheral (git-fixes).
- usb: dwc3: Abort suspend on soft disconnect failure (git-fixes).
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (git-fixes).
- usb: dwc3: pci: Sort out the Intel device IDs (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -S (stable-fixes).
- usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes).
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (git-fixes).
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (git-fixes).
- usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (git-fixes).
- usb: phy: Initialize struct usb_phy list_head (git-fixes).
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (git-fixes).
- usb: raw-gadget: do not limit transfer length (git-fixes).
- usb: storage: Fix memory leak in USB bulk transport (git-fixes).
- usb: storage: sddr55: Reject out-of-bound new_pba (stable-fixes).
- usb: typec: tipd: Clear interrupts first (git-fixes).
- usb: typec: ucsi: psy: Set max current to zero when disconnected (git-fixes).
- usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (git- fixes).
- usb: udc: Add trace event for usb_gadget_set_state (stable-fixes).
- usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes).
- watchdog: wdat_wdt: Fix ACPI table leak in probe function (git-fixes).
- wifi: ath11k: fix peer HE MCS assignment (git-fixes).
- wifi: ath11k: restore register window after global reset (git-fixes).
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (git-fixes).
- wifi: ieee80211: correct FILS status codes (git-fixes).
- wifi: mac80211: fix CMAC functions not handling errors (git-fixes).
- wifi: mt76: Fix DTS power-limits on little endian systems (git-fixes).
- wifi: nl80211: vendor-cmd: intel: fix a blank kernel-doc line warning (git-fixes).
- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (git-fixes).
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (git-fixes).
- x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() (git-fixes).
- x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
- x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528).
- x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528).
- x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528).
- x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528).
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528).
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528).
- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (bsc#1256528).
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528).
- x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528).
- x86/microcode/AMD: Select which microcode patch to load (bsc#1256528).
- x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528).
- x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528).
- xhci: dbgtty: fix device unregister (git-fixes).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 296680

File Name: suse_SU-2026-0293-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 1/27/2026

Updated: 1/27/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-26944

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-64kb, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/26/2026

Vulnerability Publication Date: 9/4/2021

Reference Information

CVE: CVE-2023-42752, CVE-2023-53743, CVE-2023-53750, CVE-2023-53752, CVE-2023-53759, CVE-2023-53762, CVE-2023-53766, CVE-2023-53768, CVE-2023-53777, CVE-2023-53778, CVE-2023-53782, CVE-2023-53784, CVE-2023-53785, CVE-2023-53787, CVE-2023-53791, CVE-2023-53792, CVE-2023-53793, CVE-2023-53794, CVE-2023-53795, CVE-2023-53797, CVE-2023-53799, CVE-2023-53807, CVE-2023-53808, CVE-2023-53813, CVE-2023-53815, CVE-2023-53819, CVE-2023-53821, CVE-2023-53823, CVE-2023-53825, CVE-2023-53828, CVE-2023-53831, CVE-2023-53834, CVE-2023-53836, CVE-2023-53839, CVE-2023-53841, CVE-2023-53842, CVE-2023-53843, CVE-2023-53844, CVE-2023-53846, CVE-2023-53847, CVE-2023-53848, CVE-2023-53850, CVE-2023-53851, CVE-2023-53852, CVE-2023-53855, CVE-2023-53856, CVE-2023-53857, CVE-2023-53858, CVE-2023-53860, CVE-2023-53861, CVE-2023-53863, CVE-2023-53864, CVE-2023-53865, CVE-2023-53989, CVE-2023-53992, CVE-2023-53994, CVE-2023-53995, CVE-2023-53996, CVE-2023-53997, CVE-2023-53998, CVE-2023-53999, CVE-2023-54000, CVE-2023-54001, CVE-2023-54005, CVE-2023-54006, CVE-2023-54008, CVE-2023-54014, CVE-2023-54016, CVE-2023-54017, CVE-2023-54019, CVE-2023-54022, CVE-2023-54023, CVE-2023-54025, CVE-2023-54026, CVE-2023-54027, CVE-2023-54030, CVE-2023-54031, CVE-2023-54032, CVE-2023-54035, CVE-2023-54037, CVE-2023-54038, CVE-2023-54042, CVE-2023-54045, CVE-2023-54048, CVE-2023-54049, CVE-2023-54051, CVE-2023-54052, CVE-2023-54060, CVE-2023-54064, CVE-2023-54066, CVE-2023-54067, CVE-2023-54069, CVE-2023-54070, CVE-2023-54072, CVE-2023-54076, CVE-2023-54080, CVE-2023-54081, CVE-2023-54083, CVE-2023-54088, CVE-2023-54089, CVE-2023-54091, CVE-2023-54092, CVE-2023-54093, CVE-2023-54094, CVE-2023-54095, CVE-2023-54096, CVE-2023-54099, CVE-2023-54101, CVE-2023-54104, CVE-2023-54106, CVE-2023-54112, CVE-2023-54113, CVE-2023-54115, CVE-2023-54117, CVE-2023-54121, CVE-2023-54125, CVE-2023-54127, CVE-2023-54133, CVE-2023-54134, CVE-2023-54135, CVE-2023-54136, CVE-2023-54137, CVE-2023-54140, CVE-2023-54141, CVE-2023-54142, CVE-2023-54143, CVE-2023-54145, CVE-2023-54148, CVE-2023-54149, CVE-2023-54153, CVE-2023-54154, CVE-2023-54155, CVE-2023-54156, CVE-2023-54164, CVE-2023-54166, CVE-2023-54169, CVE-2023-54170, CVE-2023-54171, CVE-2023-54172, CVE-2023-54173, CVE-2023-54177, CVE-2023-54178, CVE-2023-54179, CVE-2023-54181, CVE-2023-54183, CVE-2023-54185, CVE-2023-54189, CVE-2023-54194, CVE-2023-54201, CVE-2023-54204, CVE-2023-54207, CVE-2023-54209, CVE-2023-54210, CVE-2023-54211, CVE-2023-54215, CVE-2023-54219, CVE-2023-54220, CVE-2023-54221, CVE-2023-54223, CVE-2023-54224, CVE-2023-54225, CVE-2023-54227, CVE-2023-54229, CVE-2023-54230, CVE-2023-54235, CVE-2023-54240, CVE-2023-54241, CVE-2023-54246, CVE-2023-54247, CVE-2023-54251, CVE-2023-54253, CVE-2023-54254, CVE-2023-54255, CVE-2023-54258, CVE-2023-54261, CVE-2023-54263, CVE-2023-54264, CVE-2023-54266, CVE-2023-54267, CVE-2023-54271, CVE-2023-54276, CVE-2023-54278, CVE-2023-54281, CVE-2023-54282, CVE-2023-54283, CVE-2023-54285, CVE-2023-54289, CVE-2023-54291, CVE-2023-54292, CVE-2023-54293, CVE-2023-54296, CVE-2023-54297, CVE-2023-54299, CVE-2023-54300, CVE-2023-54302, CVE-2023-54303, CVE-2023-54304, CVE-2023-54309, CVE-2023-54312, CVE-2023-54313, CVE-2023-54314, CVE-2023-54315, CVE-2023-54316, CVE-2023-54318, CVE-2023-54319, CVE-2023-54322, CVE-2023-54324, CVE-2023-54326, CVE-2024-26944, CVE-2025-38321, CVE-2025-38728, CVE-2025-39890, CVE-2025-39977, CVE-2025-40006, CVE-2025-40024, CVE-2025-40033, CVE-2025-40042, CVE-2025-40053, CVE-2025-40081, CVE-2025-40102, CVE-2025-40134, CVE-2025-40135, CVE-2025-40153, CVE-2025-40158, CVE-2025-40167, CVE-2025-40170, CVE-2025-40178, CVE-2025-40179, CVE-2025-40187, CVE-2025-40211, CVE-2025-40215, CVE-2025-40219, CVE-2025-40220, CVE-2025-40223, CVE-2025-40233, CVE-2025-40242, CVE-2025-40244, CVE-2025-40256, CVE-2025-40258, CVE-2025-40262, CVE-2025-40263, CVE-2025-40269, CVE-2025-40272, CVE-2025-40273, CVE-2025-40275, CVE-2025-40277, CVE-2025-40280, CVE-2025-40282, CVE-2025-40283, CVE-2025-40284, CVE-2025-40288, CVE-2025-40297, CVE-2025-40301, CVE-2025-40304, CVE-2025-40306, CVE-2025-40308, CVE-2025-40309, CVE-2025-40310, CVE-2025-40311, CVE-2025-40312, CVE-2025-40314, CVE-2025-40315, CVE-2025-40316, CVE-2025-40317, CVE-2025-40318, CVE-2025-40320, CVE-2025-40321, CVE-2025-40322, CVE-2025-40323, CVE-2025-40324, CVE-2025-40328, CVE-2025-40329, CVE-2025-40331, CVE-2025-40342, CVE-2025-40343, CVE-2025-40345, CVE-2025-40349, CVE-2025-40351, CVE-2025-68168, CVE-2025-68172, CVE-2025-68176, CVE-2025-68180, CVE-2025-68183, CVE-2025-68185, CVE-2025-68192, CVE-2025-68194, CVE-2025-68195, CVE-2025-68217, CVE-2025-68218, CVE-2025-68222, CVE-2025-68233, CVE-2025-68235, CVE-2025-68237, CVE-2025-68238, CVE-2025-68244, CVE-2025-68249, CVE-2025-68252, CVE-2025-68257, CVE-2025-68258, CVE-2025-68259, CVE-2025-68286, CVE-2025-68287, CVE-2025-68289, CVE-2025-68290, CVE-2025-68303, CVE-2025-68305, CVE-2025-68307, CVE-2025-68308, CVE-2025-68312, CVE-2025-68313, CVE-2025-68328, CVE-2025-68330, CVE-2025-68331, CVE-2025-68332, CVE-2025-68335, CVE-2025-68339, CVE-2025-68345, CVE-2025-68346, CVE-2025-68347, CVE-2025-68354, CVE-2025-68362, CVE-2025-68380, CVE-2025-68724, CVE-2025-68732, CVE-2025-68734, CVE-2025-68740, CVE-2025-68746, CVE-2025-68750, CVE-2025-68753, CVE-2025-68757, CVE-2025-68758, CVE-2025-68759, CVE-2025-68765, CVE-2025-68766

SuSE: SUSE-SU-2026:0293-1

Detections

Analytics