SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2026:0447-1)

high Nessus Plugin ID 298739

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0447-1 advisory.

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim (bsc#1256280).
- CVE-2025-39880: libceph: fix invalid accesses to ceph_connection_v1_info (bsc#1250388).
- CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871).
- CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
- CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (bsc#1254839).
- CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
- CVE-2025-40328: smb: client: fix potential UAF in smb2_close_cached_fid() (bsc#1254624).
- CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260).
- CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261).
- CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
- CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255).
- CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327).
- CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266).
- CVE-2025-68188: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() (bsc#1255269).
- CVE-2025-68200: bpf: Add bpf_prog_run_data_pointers() (bsc#1255241).
- CVE-2025-68215: ice: fix PTP cleanup on driver removal in error path (bsc#1255226).
- CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216).
- CVE-2025-68241: ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (bsc#1255157).
- CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
- CVE-2025-68261: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (bsc#1255164).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
- CVE-2025-68297: ceph: fix crash in process_v2_sparse_read() for encrypted directories (bsc#1255403).
- CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120).
- CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172).
- CVE-2025-68325: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (bsc#1255417).
- CVE-2025-68327: usb: renesas_usbhs: Fix synchronous external abort on unbind (bsc#1255488).
- CVE-2025-68337: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (bsc#1255482).
- CVE-2025-68349: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (bsc#1255544).
- CVE-2025-68363: bpf: Check skb->transport_header is set in bpf_skb_check_mtu (bsc#1255552).
- CVE-2025-68365: fs/ntfs3: Initialize allocated memory before use (bsc#1255548).
- CVE-2025-68366: nbd: defer config unlock in nbd_genl_connect (bsc#1255622).
- CVE-2025-68367: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (bsc#1255547).
- CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
- CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
- CVE-2025-68727: ntfs3: Fix uninit buffer allocated by __getname() (bsc#1255568).
- CVE-2025-68728: ntfs3: fix uninit memory after failed mi_read in mi_format_new (bsc#1255539).
- CVE-2025-68733: smack: fix bug: unprivileged task can create labels (bsc#1255615).
- CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930).
- CVE-2025-68768: inet: frags: add inet_frag_queue_flush() (bsc#1256579).
- CVE-2025-68770: bnxt_en: Fix XDP_TX path (bsc#1256584).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
- CVE-2025-68776: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (bsc#1256659).
- CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
- CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
- CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689).
- CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646).
- CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653).
- CVE-2025-68803: nfsd: set security label during create operations (bsc#1256770).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-68814: io_uring: fix filename leak in __io_openat_prep() (bsc#1256651).
- CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680).
- CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
- CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4_raw_inode() (bsc#1256754).
- CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613).
- CVE-2025-71080: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (bsc#1256608).
- CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71087: iavf: fix off-by-one issues in iavf_config_rss_reg() (bsc#1256628).
- CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71091: team: fix check for port enabled in team_queue_override_port_prio_changed() (bsc#1256773).
- CVE-2025-71093: e1000: fix OOB in e1000_tbi_should_accept() (bsc#1256777).
- CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597).
- CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605).
- CVE-2025-71096: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (bsc#1256606).
- CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607).
- CVE-2025-71098: ip6_gre: make ip6gre_header() robust (bsc#1256591).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2025-71123: ext4: fix string copying in parse_apply_sb_mount_options() (bsc#1256757).
- CVE-2025-71133: RDMA/irdma: avoid invalid read in irdma_net_event (bsc#1256733).
- CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (bsc#1256761).
- CVE-2025-71137: octeontx2-pf: fix 'UBSAN: shift-out-of-bounds error' (bsc#1256760).
- CVE-2025-71149: io_uring/poll: correctly handle io_poll_add() return value on update (bsc#1257164).
- CVE-2025-71156: gve: defer interrupt enabling until NAPI registration (bsc#1257167).
- CVE-2025-71157: RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (bsc#1257168).
- CVE-2026-22976: net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset (bsc#1257035).
- CVE-2026-22977: net: sock: fix hardened usercopy panic in sock_recv_errqueue (bsc#1257053).
- CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handle_auth_done() (bsc#1257217).
- CVE-2026-22990: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (bsc#1257221).
- CVE-2026-22991: libceph: make free_choose_arg_map() resilient to partial allocation (bsc#1257220).
- CVE-2026-22992: libceph: return the handler error from mon_handle_auth_done() (bsc#1257218).
- CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180).
- CVE-2026-22996: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv.
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245).
- CVE-2026-23011: ipv4: ip_gre: make ipgre_header() robust (bsc#1257207).

The following non security issues were fixed:

- ALSA: ctxfi: Fix potential OOB access in audio mixer handling (stable-fixes).
- ALSA: scarlett2: Fix buffer overflow in config retrieval (git-fixes).
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (git-fixes).
- ALSA: usb-audio: Update for native DSD support quirks (stable-fixes).
- ALSA: usb: Increase volume range that triggers a warning (git-fixes).
- ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 (stable-fixes).
- ASoC: codecs: wsa881x: Drop unused version readout (stable-fixes).
- ASoC: codecs: wsa881x: fix unnecessary initialisation (git-fixes).
- ASoC: codecs: wsa883x: fix unnecessary initialisation (git-fixes).
- ASoC: codecs: wsa884x: fix codec initialisation (git-fixes).
- ASoC: fsl_sai: Add missing registers to cache default (stable-fixes).
- ASoC: fsl: imx-card: Do not force slot width to sample width (git-fixes).
- ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion (git-fixes).
- ASoC: tlv320adcx140: fix null pointer (git-fixes).
- ASoC: tlv320adcx140: fix word length (git-fixes).
- ata: libata: Add cpr_log to ata_dev_print_features() early return (git-fixes).
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (git-fixes).
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete (git-fixes).
- bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569).
- bpf/selftests: test_select_reuseport_kern: Remove unused header (bsc#1257603).
- bs-upload-kernel: Fix cve branch uploads.
- btrfs: do not strictly require dirty metadata threshold for metadata writepages (stable-fixes).
- can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak (git-fixes).
- can: etas_es58x: allow partial RX URB allocation to succeed (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): fix error message (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error (git-fixes).
- can: j1939: make j1939_session_activate() fail if device is no longer registered (stable-fixes).
- can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak (git-fixes).
- can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak (git-fixes).
- can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak (git-fixes).
- cifs: add new field to track the last access time of cfid (git-fixes).
- cifs: after disabling multichannel, mark tcon for reconnect (git-fixes).
- cifs: avoid redundant calls to disable multichannel (git-fixes).
- cifs: cifs_pick_channel should try selecting active channels (git-fixes).
- cifs: deal with the channel loading lag while picking channels (git-fixes).
- cifs: dns resolution is needed only for primary channel (git-fixes).
- cifs: do not disable interface polling on failure (git-fixes).
- cifs: do not search for channel if server is terminating (git-fixes).
- cifs: fix a pending undercount of srv_count (git-fixes).
- cifs: Fix copy offload to flush destination region (bsc#1252511).
- cifs: Fix flushing, invalidation and file size with copy_file_range() (bsc#1252511).
- cifs: fix lock ordering while disabling multichannel (git-fixes).
- cifs: fix stray unlock in cifs_chan_skip_or_disable (git-fixes).
- cifs: fix use after free for iface while disabling secondary channels (git-fixes).
- cifs: handle servers that still advertise multichannel after disabling (git-fixes).
- cifs: handle when server starts supporting multichannel (git-fixes).
- cifs: handle when server stops supporting multichannel (git-fixes).
- cifs: make cifs_chan_update_iface() a void function (git-fixes).
- cifs: make sure server interfaces are requested only for SMB3+ (git-fixes).
- cifs: make sure that channel scaling is done only once (git-fixes).
- cifs: reconnect worker should take reference on server struct unconditionally (git-fixes).
- cifs: reset connections for all channels when reconnect requested (git-fixes).
- cifs: reset iface weights when we cannot find a candidate (git-fixes).
- cifs: serialize other channels when query server interfaces is pending (git-fixes).
- cifs: update dstaddr whenever channel iface is updated (git-fixes).
- comedi: dmm32at: serialize use of paged registers (git-fixes).
- comedi: fix divide-by-zero in comedi_buf_munge() (stable-fixes).
- comedi: Fix getting range information for subdevices 16 to 255 (git-fixes).
- cpuset: fix warning when disabling remote partition (bsc#1256794).
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (git-fixes).
- dmaengine: apple-admac: Add 'apple,t8103-admac' compatible (git-fixes).
- dmaengine: at_hdmac: fix device leak on of_dma_xlate() (git-fixes).
- dmaengine: bcm-sba-raid: fix device leak on probe (git-fixes).
- dmaengine: dw: dmamux: fix OF node leak on route allocation failure (git-fixes).
- dmaengine: idxd: fix device leaks on compat bind and unbind (git-fixes).
- dmaengine: lpc18xx-dmamux: fix device leak on route allocation (git-fixes).
- dmaengine: omap-dma: fix dma_pool resource leak in error paths (git-fixes).
- dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() (git-fixes).
- dmaengine: sh: rz-dmac: Fix rz_dmac_terminate_all() (git-fixes).
- dmaengine: tegra-adma: Fix use-after-free (git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation (git-fixes).
- dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation (git-fixes).
- dmaengine: ti: k3-udma: fix device leak on udma lookup (git-fixes).
- dmaengine: xilinx_dma: Fix uninitialized addr_width when 'xlnx,addrwidth' property is missing (git- fixes).
- dmaengine: xilinx: xdma: Fix regmap max_register (git-fixes).
- dpll: fix device-id-get and pin-id-get to return errors properly (git-fixes).
- dpll: fix return value check for kmemdup (git-fixes).
- dpll: indent DPLL option type by a tab (git-fixes).
- dpll: Prevent duplicate registrations (git-fixes).
- dpll: spec: add missing module-name and clock-id to pin-get reply (git-fixes).
- drm/amd: Clean up kfd node on surprise disconnect (stable-fixes).
- drm/amd/display: Apply e4479aecf658 to dml (stable-fixes).
- drm/amd/display: Bump the HDMI clock to 340MHz (stable-fixes).
- drm/amd/display: Fix DP no audio issue (stable-fixes).
- drm/amd/display: Initialise backlight level values from hw (git-fixes).
- drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files (stable-fixes).
- drm/amd/display: shrink struct members (stable-fixes).
- drm/amd/pm: Don't clear SI SMC table when setting power limit (git-fixes).
- drm/amd/pm: fix race in power state check before mutex lock (git-fixes).
- drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 (git-fixes).
- drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) (git-fixes).
- drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() (git-fixes).
- drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove (git-fixes).
- drm/amdgpu: Fix query for VPE block_type and ip_count (stable-fixes).
- drm/amdgpu: remove frame cntl for gfx v12 (stable-fixes).
- drm/amdkfd: fix a memory leak in device_queue_manager_init() (git-fixes).
- drm/amdkfd: Fix improper NULL termination of queue restore SMI event string (stable-fixes).
- drm/imagination: Wait for FW trace update command completion (git-fixes).
- drm/imx/tve: fix probe device leak (git-fixes).
- drm/msm/a6xx: fix bogus hwcg register updates (git-fixes).
- drm/nouveau: add missing DCB connector types (git-fixes).
- drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors (git-fixes).
- drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) (stable-fixes).
- drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare (git-fixes).
- drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel (git-fixes).
- drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (stable-fixes).
- drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() (git-fixes).
- drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions (git-fixes).
- exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (git-fixes).
- exfat: fix remount failure in different process environments (git-fixes).
- gpio: omap: do not register driver in probe() (git-fixes).
- gpio: pca953x: Add support for level-triggered interrupts (stable-fixes).
- gpio: pca953x: fix wrong error probe return value (git-fixes).
- gpio: pca953x: handle short interrupt pulses on PCAL devices (git-fixes).
- gpio: pca953x: Utilise dev_err_probe() where it makes sense (stable-fixes).
- gpio: pca953x: Utilise temporary variable for struct device (stable-fixes).
- gpio: rockchip: Stop calling pinctrl for set_direction (git-fixes).
- HID: usbhid: paper over wrong bNumDescriptor field (stable-fixes).
- ice: use netif_get_num_default_rss_queues() (bsc#1247712).
- iio: accel: iis328dq: fix gain values (git-fixes).
- iio: adc: ad7280a: handle spi_setup() errors in probe() (git-fixes).
- iio: adc: ad9467: fix ad9434 vref mask (git-fixes).
- iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver (git-fixes).
- iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl (git-fixes).
- iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection (git-fixes).
- Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA (stable-fixes).
- Input: i8042 - add quirks for MECHREVO Wujie 15X Pro (stable-fixes).
- intel_th: fix device leak on output open() (git-fixes).
- leds: led-class: Only Add LED to leds_list when it is fully ready (git-fixes).
- lib/crypto: aes: Fix missing MMU protection for AES S-box (git-fixes).
- mei: me: add nova lake point S DID (stable-fixes).
- mei: me: add wildcat lake P DID (stable-fixes).
- mISDN: annotate data-race around dev->work (git-fixes).
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087).
- mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function (git-fixes).
- mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode (git-fixes).
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts (git-fixes).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: mana: Add metadata support for xdp mode (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Add support for auxiliary device servicing events (git-fixes).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (git-fixes).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (git-fixes).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: usb: dm9601: remove broken SR9700 support (git-fixes).
- net: wwan: t7xx: fix potential skb->frags overflow in RX path (git-fixes).
- nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame() (git-fixes).
- nfc: nci: Fix race between rfkill and nci_unregister_device() (git-fixes).
- NFS: Fix up the automount fs_context to use the correct cred (git-fixes).
- nfsd: Drop the client reference in client_states_open() (git-fixes).
- NFSD: Fix permission check for read access to executable-only files (git-fixes).
- NFSD: use correct reservation type in nfsd4_scsi_fence_client (git-fixes).
- NFSD/blocklayout: Fix minlength check in proc_layoutget (git-fixes).
- NFSv4: ensure the open stateid seqid doesn't go backwards (git-fixes).
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (git-fixes).
- nvmet-auth: update sc_c in host response (git-fixes).
- nvmet-auth: update sc_c in target host hash calculation (git-fixes).
- of: fix reference count leak in of_alias_scan() (git-fixes).
- of: platform: Use default match table for /firmware (git-fixes).
- phy: freescale: imx8m-pcie: assert phy reset during power on (stable-fixes).
- phy: rockchip: inno-usb2: fix communication disruption in gadget mode (git-fixes).
- phy: rockchip: inno-usb2: fix disconnection in gadget mode (git-fixes).
- phy: stm32-usphyc: Fix off by one in probe() (git-fixes).
- phy: tegra: xusb: Explicitly configure HS_DISCON_LEVEL to 0x7 (git-fixes).
- platform/x86: hp-bioscfg: Fix automatic module loading (git-fixes).
- platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro (git-fixes).
- platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names (git-fixes).
- platform/x86/amd: Fix memory leak in wbrf_record() (git-fixes).
- pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() (git-fixes).
- powercap: fix race condition in register_control_type() (stable-fixes).
- powercap: fix sscanf() error return value handling (stable-fixes).
- powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
- RDMA/mana_ib: Access remote atomic for MRs (git-fixes).
- RDMA/mana_ib: add additional port counters (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- RDMA/mana_ib: add support of multiple ports (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Fix integer overflow during queue creation (git-fixes).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Use safer allocation function() (git-fixes).
- regmap: Fix race condition in hwspinlock irqsave routine (git-fixes).
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- sched/rt: Skip group schedulable check with rt_group_sched=0 (bsc#1256568).
- scripts: obsapi: Support URL trailing / in oscrc.
- scripts: teaapi: Add paging.
- scripts: uploader: Fix no change condition for _maintainership.json.
- scripts: uploader: Handle missing upstream in is_pr_open.
- scripts/python/git_sort/git_sort.yaml: add cifs for-next repository.
- scrits: teaapi: Add list_repos.
- scsi: lpfc: Rework lpfc_sli4_fcf_rr_next_index_get() (bsc#1256861).
- scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861).
- scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256863).
- scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256863).
- scsi: qla2xxx: Add Speed in SFP print information (bsc#1256863).
- scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863).
- scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863).
- scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256863).
- scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256863).
- scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256863).
- scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256863).
- scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863).
- scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256863).
- scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256863).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- selftests: net: fib-onlink-tests: Convert to use namespaces by default (bsc#1255346).
- selftests/bpf: Fix flaky bpf_cookie selftest (git-fixes).
- serial: 8250_pci: Fix broken RS485 for F81504/508/512 (git-fixes).
- slimbus: core: fix device reference leak on report present (git-fixes).
- slimbus: core: fix OF node leak on registration failure (git-fixes).
- slimbus: core: fix of_slim_get_device() kernel doc (git-fixes).
- slimbus: core: fix runtime PM imbalance on report present (git-fixes).
- smb: change re ...

Please note that the description has been truncated due to length. Please refer to vendor advisory for the full description.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 298739

File Name: suse_SU-2026-0447-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 2/12/2026

Updated: 2/12/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-39913

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-macros, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-64kb-devel, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-devel, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/11/2026

Vulnerability Publication Date: 4/27/2024

Reference Information

CVE: CVE-2023-53714, CVE-2023-54013, CVE-2024-27005, CVE-2024-42103, CVE-2024-53070, CVE-2024-53149, CVE-2024-56721, CVE-2025-22047, CVE-2025-37744, CVE-2025-37751, CVE-2025-37813, CVE-2025-38209, CVE-2025-38243, CVE-2025-38322, CVE-2025-38379, CVE-2025-38539, CVE-2025-39689, CVE-2025-39813, CVE-2025-39829, CVE-2025-39836, CVE-2025-39880, CVE-2025-39913, CVE-2025-40097, CVE-2025-40106, CVE-2025-40132, CVE-2025-40136, CVE-2025-40142, CVE-2025-40166, CVE-2025-40177, CVE-2025-40181, CVE-2025-40202, CVE-2025-40238, CVE-2025-40254, CVE-2025-40257, CVE-2025-40259, CVE-2025-40261, CVE-2025-40264, CVE-2025-40328, CVE-2025-40350, CVE-2025-40355, CVE-2025-40363, CVE-2025-68171, CVE-2025-68174, CVE-2025-68178, CVE-2025-68188, CVE-2025-68200, CVE-2025-68215, CVE-2025-68227, CVE-2025-68241, CVE-2025-68245, CVE-2025-68254, CVE-2025-68256, CVE-2025-68261, CVE-2025-68284, CVE-2025-68285, CVE-2025-68296, CVE-2025-68297, CVE-2025-68301, CVE-2025-68320, CVE-2025-68325, CVE-2025-68327, CVE-2025-68337, CVE-2025-68349, CVE-2025-68363, CVE-2025-68365, CVE-2025-68366, CVE-2025-68367, CVE-2025-68372, CVE-2025-68379, CVE-2025-68725, CVE-2025-68727, CVE-2025-68728, CVE-2025-68733, CVE-2025-68764, CVE-2025-68768, CVE-2025-68770, CVE-2025-68771, CVE-2025-68773, CVE-2025-68775, CVE-2025-68776, CVE-2025-68777, CVE-2025-68783, CVE-2025-68788, CVE-2025-68795, CVE-2025-68797, CVE-2025-68798, CVE-2025-68800, CVE-2025-68801, CVE-2025-68802, CVE-2025-68803, CVE-2025-68804, CVE-2025-68808, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68819, CVE-2025-68820, CVE-2025-71064, CVE-2025-71066, CVE-2025-71076, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71080, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71088, CVE-2025-71089, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71095, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71099, CVE-2025-71100, CVE-2025-71101, CVE-2025-71108, CVE-2025-71111, CVE-2025-71112, CVE-2025-71114, CVE-2025-71116, CVE-2025-71118, CVE-2025-71119, CVE-2025-71120, CVE-2025-71123, CVE-2025-71130, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71135, CVE-2025-71136, CVE-2025-71137, CVE-2025-71138, CVE-2025-71141, CVE-2025-71142, CVE-2025-71143, CVE-2025-71145, CVE-2025-71147, CVE-2025-71149, CVE-2025-71154, CVE-2025-71156, CVE-2025-71157, CVE-2025-71162, CVE-2025-71163, CVE-2026-22976, CVE-2026-22977, CVE-2026-22978, CVE-2026-22984, CVE-2026-22985, CVE-2026-22988, CVE-2026-22990, CVE-2026-22991, CVE-2026-22992, CVE-2026-22993, CVE-2026-22996, CVE-2026-22997, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001, CVE-2026-23005, CVE-2026-23006, CVE-2026-23011

SuSE: SUSE-SU-2026:0447-1

Detections

Analytics