openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20416-1)

critical Nessus Plugin ID 304219

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20416-1 advisory.

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2025-39753: gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops (bsc#1249590).
- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
- CVE-2025-40230: mm: prevent poison consumption when splitting THP (bsc#1254817).
- CVE-2025-68173: ftrace: Fix softlockup in ftrace_module_enable (bsc#1255311).
- CVE-2025-68186: ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up (bsc#1255144).
- CVE-2025-68292: mm/memfd: fix information leak in hugetlb folios (bsc#1255148).
- CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
- CVE-2025-68329: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (bsc#1255490).
- CVE-2025-68371: scsi: smartpqi: Fix device resources accessed after device removal (bsc#1255572).
- CVE-2025-68745: scsi: qla2xxx: Clear cmds after chip reset (bsc#1255721).
- CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
- CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
- CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
- CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
- CVE-2025-71134: mm/page_alloc: change all pageblocks migrate type on coalescing (bsc#1256732).
- CVE-2025-71161: dm-verity: disable recursive forward error correction (bsc#1257174).
- CVE-2025-71184: btrfs: tracepoints: use btrfs_root_id() to get the id of a root (bsc#1257635).
- CVE-2025-71193: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend (bsc#1257686).
- CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
- CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
- CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
- CVE-2026-23003: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() (bsc#1257246).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23010: ipv6: Fix use-after-free in inet6_addr_del() (bsc#1257332).
- CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
- CVE-2026-23022: idpf: fix memory leak in idpf_vc_core_deinit() (bsc#1257581).
- CVE-2026-23023: idpf: fix memory leak in idpf_vport_rel() (bsc#1257556).
- CVE-2026-23024: idpf: fix memory leak of flow steer list on rmmod (bsc#1257572).
- CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
- CVE-2026-23042: idpf: fix aux device unplugging when rdma is not supported by vport (bsc#1257705).
- CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
- CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
- CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
- CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
- CVE-2026-23066: rxrpc: Fix recvmsg() unconditional requeue (bsc#1257726).
- CVE-2026-23068: spi: spi-sprd-adi: Fix double free in probe error path (bsc#1257805).
- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
- CVE-2026-23070: Octeontx2-af: Add proper checks for fwdata (bsc#1257709).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23083: tools: ynl-gen: use big-endian netlink attribute types (bsc#1257745).
- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
- CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
- CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
- CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
- CVE-2026-23097: migrate: correct lock ordering for hugetlb file folios (bsc#1257815).
- CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
- CVE-2026-23100: mm/hugetlb: fix hugetlb_pmd_shared() (bsc#1257817).
- CVE-2026-23102: arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772).
- CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
- CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
- CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
- CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
- CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
- CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
- CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
- CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
- CVE-2026-23142: mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure (bsc#1258289).
- CVE-2026-23144: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (bsc#1258290).
- CVE-2026-23148: nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (bsc#1258258).
- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
- CVE-2026-23161: mm/shmem, swap: fix race of truncate and swap entry split (bsc#1258355).
- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
- CVE-2026-23171: bonding: fix use-after-free due to enslave fail after slave array update (bsc#1258349).
- CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
- CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
- CVE-2026-23189: ceph: fix NULL pointer dereference in ceph_mds_auth_match() (bsc#1258308).
- CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
- CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23210: ice: Fix PTP NULL pointer dereference during VSI rebuild (bsc#1258517).
- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
- CVE-2026-23223: xfs: fix UAF in xchk_btree_check_block_owner (bsc#1258483).
- CVE-2026-23224: erofs: fix UAF issue for file-backed mounts w/ directio option (bsc#1258461).

The following non security issues were fixed:

- ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
- Add bugnumber to existing mana and mana_ib changes (bsc#1251135 bsc#1251971).
- HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (bsc#1258455).
- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
- PCI/DOE: Poll DOE Busy bit for up to 1 second in pci_doe_send_req() (bsc#1255868).
- PCI: Add ASPEED vendor ID to pci_ids.h (bsc#1258672)
- PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (bsc#1258672)
- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
- Refresh and move upstreamed ath12k patch into sorted section
- Update drm/mgag200: fix mgag200_bmc_stop_scanout() bug number (bsc#1258153)
- add bugnumber to existing mana change (bsc#1252266).
- arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS (bsc#1259329)
- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- clk: qcom: gcc-sm8450: Update the SDCC RCGs to use shared_floor_ops (git-fixes).
- clocksource: Fix the CPUs' choice in the watchdog per CPU verification (bsc#1257818).
- clocksource: Print durations for sync check unconditionally (bsc#1257818).
- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1257818).
- clocksource: Use pr_info() for Checking clocksource synchronization message (bsc#1257818).
- dm: Fix deadlock when reloading a multipath table (bsc#1254928).
- drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
- gpiolib-acpi: Update file references in the Documentation and MAINTAINERS (git-fixes).
- i3c: master: Update hot-join flag only on success (git-fixes).
- ktls, sockmap: Fix missing uncharge operation (bsc#1252008).
- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
- modpost: Ensure exported symbol namespaces are not quoted (bsc#1258489).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- platform/x86/amd: amd_3d_vcache: Add AMD 3D V-Cache optimizer driver (jsc#PED-11563).
- sched/core: Avoid direct access to hrtimer clockbase (bsc#1234634).
- sched/deadline: Fix race in push_dl_task() (bsc#1234634).
- sched/deadline: Stop dl_server before CPU goes offline (bsc#1234634).
- sched/fair: Fix pelt clock sync when entering idle (bsc#1234634).
- sched/fair: Fix pelt lost idle time detection (bsc#1234634).
- staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 304219

File Name: openSUSE-2026-20416-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 3/29/2026

Updated: 3/29/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23112

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gfs2-kmp-default, p-cpe:/a:novell:opensuse:dtb-nvidia, p-cpe:/a:novell:opensuse:dtb-freescale, p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-rt-extra, p-cpe:/a:novell:opensuse:dtb-allwinner, p-cpe:/a:novell:opensuse:dtb-socionext, p-cpe:/a:novell:opensuse:dtb-amd, p-cpe:/a:novell:opensuse:cluster-md-kmp-default, p-cpe:/a:novell:opensuse:dtb-exynos, p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-mediatek, p-cpe:/a:novell:opensuse:dtb-amlogic, p-cpe:/a:novell:opensuse:cluster-md-kmp-rt, p-cpe:/a:novell:opensuse:dtb-arm, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:dtb-qcom, p-cpe:/a:novell:opensuse:dtb-sprd, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:dtb-altera, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kselftests-kmp-rt, p-cpe:/a:novell:opensuse:dlm-kmp-azure, p-cpe:/a:novell:opensuse:gfs2-kmp-rt, p-cpe:/a:novell:opensuse:kernel-64kb-optional, p-cpe:/a:novell:opensuse:kernel-rt-vdso, p-cpe:/a:novell:opensuse:dtb-hisilicon, p-cpe:/a:novell:opensuse:dtb-marvell, p-cpe:/a:novell:opensuse:kernel-azure-optional, p-cpe:/a:novell:opensuse:kernel-kvmsmall, p-cpe:/a:novell:opensuse:dlm-kmp-default, p-cpe:/a:novell:opensuse:dtb-apm, p-cpe:/a:novell:opensuse:cluster-md-kmp-azure, p-cpe:/a:novell:opensuse:dtb-renesas, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-rt, p-cpe:/a:novell:opensuse:kernel-azure-vdso, p-cpe:/a:novell:opensuse:kselftests-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-kvmsmall-vdso, p-cpe:/a:novell:opensuse:ocfs2-kmp-rt, p-cpe:/a:novell:opensuse:dtb-rockchip, p-cpe:/a:novell:opensuse:gfs2-kmp-azure, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-azure, p-cpe:/a:novell:opensuse:dlm-kmp-64kb, cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:dtb-apple, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:dtb-amazon, p-cpe:/a:novell:opensuse:dlm-kmp-rt, p-cpe:/a:novell:opensuse:kernel-64kb-extra, p-cpe:/a:novell:opensuse:dtb-broadcom, p-cpe:/a:novell:opensuse:kernel-azure-extra, p-cpe:/a:novell:opensuse:kernel-zfcpdump, p-cpe:/a:novell:opensuse:dtb-cavium, p-cpe:/a:novell:opensuse:dtb-lg, p-cpe:/a:novell:opensuse:kernel-rt-optional, p-cpe:/a:novell:opensuse:kernel-default-vdso, p-cpe:/a:novell:opensuse:kselftests-kmp-default, p-cpe:/a:novell:opensuse:ocfs2-kmp-azure, p-cpe:/a:novell:opensuse:dtb-xilinx, p-cpe:/a:novell:opensuse:kernel-64kb, p-cpe:/a:novell:opensuse:kernel-default-optional, p-cpe:/a:novell:opensuse:ocfs2-kmp-default, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:gfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kselftests-kmp-azure, p-cpe:/a:novell:opensuse:kernel-syms

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 3/25/2026

Vulnerability Publication Date: 9/11/2025

Reference Information

CVE: CVE-2025-39753, CVE-2025-39964, CVE-2025-40099, CVE-2025-40103, CVE-2025-40230, CVE-2025-68173, CVE-2025-68186, CVE-2025-68292, CVE-2025-68295, CVE-2025-68329, CVE-2025-68371, CVE-2025-68745, CVE-2025-68785, CVE-2025-68810, CVE-2025-68818, CVE-2025-71071, CVE-2025-71104, CVE-2025-71125, CVE-2025-71134, CVE-2025-71161, CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185, CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190, CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194, CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198, CVE-2025-71199, CVE-2025-71200, CVE-2025-71222, CVE-2025-71224, CVE-2025-71225, CVE-2025-71229, CVE-2025-71231, CVE-2025-71232, CVE-2025-71233, CVE-2025-71234, CVE-2025-71235, CVE-2025-71236, CVE-2026-22979, CVE-2026-22980, CVE-2026-22998, CVE-2026-23003, CVE-2026-23004, CVE-2026-23010, CVE-2026-23017, CVE-2026-23018, CVE-2026-23021, CVE-2026-23022, CVE-2026-23023, CVE-2026-23024, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037, CVE-2026-23038, CVE-2026-23042, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050, CVE-2026-23053, CVE-2026-23054, CVE-2026-23055, CVE-2026-23056, CVE-2026-23057, CVE-2026-23058, CVE-2026-23059, CVE-2026-23060, CVE-2026-23061, CVE-2026-23062, CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23066, CVE-2026-23068, CVE-2026-23069, CVE-2026-23070, CVE-2026-23071, CVE-2026-23073, CVE-2026-23074, CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23082, CVE-2026-23083, CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096, CVE-2026-23097, CVE-2026-23099, CVE-2026-23100, CVE-2026-23101, CVE-2026-23102, CVE-2026-23104, CVE-2026-23105, CVE-2026-23107, CVE-2026-23108, CVE-2026-23110, CVE-2026-23111, CVE-2026-23112, CVE-2026-23116, CVE-2026-23119, CVE-2026-23121, CVE-2026-23123, CVE-2026-23128, CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135, CVE-2026-23136, CVE-2026-23137, CVE-2026-23139, CVE-2026-23141, CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146, CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23152, CVE-2026-23154, CVE-2026-23155, CVE-2026-23156, CVE-2026-23157, CVE-2026-23158, CVE-2026-23161, CVE-2026-23163, CVE-2026-23166, CVE-2026-23167, CVE-2026-23169, CVE-2026-23170, CVE-2026-23171, CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23177, CVE-2026-23178, CVE-2026-23179, CVE-2026-23182, CVE-2026-23188, CVE-2026-23189, CVE-2026-23190, CVE-2026-23191, CVE-2026-23198, CVE-2026-23202, CVE-2026-23207, CVE-2026-23208, CVE-2026-23209, CVE-2026-23210, CVE-2026-23213, CVE-2026-23214, CVE-2026-23221, CVE-2026-23222, CVE-2026-23223, CVE-2026-23224, CVE-2026-23229, CVE-2026-23230

Detections

Analytics