openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20826-1)

high Nessus Plugin ID 318102

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20826-1 advisory.

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603).
- CVE-2024-14027: xattr: switch to CLASS(fd) (bsc#1259420).
- CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP (bsc#1253471).
- CVE-2025-68265: nvme: fix admin request_queue lifetime (bsc#1255360).
- CVE-2025-68310: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump (bsc#1255160).
- CVE-2025-71302: drm/panthor: fix for dma-fence safe access rules (bsc#1264837).
- CVE-2026-23168: flex_proportions: make fprop_new_period() hardirq safe (bsc#1258826).
- CVE-2026-23245: net/sched: act_gate: snapshot parameters with RCU on replace (bsc#1259799).
- CVE-2026-23271: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018).
- CVE-2026-23276: net: add xmit recursion limit to tunnel xmit functions (bsc#1260012).
- CVE-2026-23300: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (bsc#1260538).
- CVE-2026-23313: i40e: Fix preempt count leak in napi poll tracepoint (bsc#1260555).
- CVE-2026-23316: net: ipv4: fix ARM64 alignment fault in multipath hash seed (bsc#1260573).
- CVE-2026-23321: mptcp: pm: in-kernel: always mark signal+subflow endp as used (bsc#1260505).
- CVE-2026-23340: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (bsc#1260523).
- CVE-2026-23346: arm64: io: Rename ioremap_prot() to __ioremap_prot() (bsc#1260529).
- CVE-2026-23351: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (bsc#1260526).
- CVE-2026-23354: x86/fred: Correct speculative safety in fred_extint() (bsc#1260801).
- CVE-2026-23368: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (bsc#1260530).
- CVE-2026-23374: blktrace: fix __this_cpu_read/write in preemptible context (bsc#1260811).
- CVE-2026-23375: mm: thp: deny THP for files on anonymous inodes (bsc#1260576).
- CVE-2026-23378: net/sched: act_ife: Fix metalist update behavior (bsc#1260546).
- CVE-2026-23391: netfilter: xt_CT: drop pending enqueued packets on template removal (bsc#1260566).
- CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1260531).
- CVE-2026-23397: nfnetlink_osf: validate individual option lengths in fingerprints (bsc#1260728).
- CVE-2026-23399: nf_tables: nft_dynset: fix possible stateful expression memleak in error path (bsc#1261020).
- CVE-2026-23417: bpf: Fix constant blinding for PROBE_MEM32 stores (bsc#1261410).
- CVE-2026-23436: net: add helpers for lookup and walking netdevs under netdev_lock() (bsc#1261617).
- CVE-2026-23437: net: shaper: protect late read accesses to the hierarchy (bsc#1261635).
- CVE-2026-23440: net/mlx5e: Fix race condition during IPSec ESN update (bsc#1261641).
- CVE-2026-23441: net/mlx5e: Prevent concurrent access to IPSec ASO context (bsc#1261768).
- CVE-2026-23442: ipv6: add NULL checks for idev in SRv6 paths (bsc#1261581).
- CVE-2026-23445: igc: fix page fault in XDP TX timestamps handling (bsc#1261702).
- CVE-2026-23449: net/sched: teql: Fix double-free in teql_master_xmit (bsc#1261779).
- CVE-2026-23450: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (bsc#1261584).
- CVE-2026-23455: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (bsc#1261687).
- CVE-2026-23456: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (bsc#1261703).
- CVE-2026-23457: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (bsc#1261686).
- CVE-2026-23458: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (bsc#1261781).
- CVE-2026-23468: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion (bsc#1261692).
- CVE-2026-23472: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN (bsc#1261636).
- CVE-2026-23473: io_uring/poll: fix multishot recv missing EOF on wakeup race (bsc#1261694).
- CVE-2026-31392: smb: client: fix krb5 mount with username option (bsc#1261788).
- CVE-2026-31395: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler (bsc#1261786).
- CVE-2026-31400: sunrpc: fix cache_request leak in cache_release (bsc#1261645).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261638).
- CVE-2026-31403: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (bsc#1261796).
- CVE-2026-31406: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (bsc#1261629).
- CVE-2026-31407: netfilter: conntrack: add missing netlink policy validations (bsc#1261632).
- CVE-2026-31411: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (bsc#1261752).
- CVE-2026-31415: ipv6: avoid overflows in ip6_datagram_send_ctl() (bsc#1262099).
- CVE-2026-31416: netfilter: nfnetlink_log: account for netlink header size (bsc#1262100).
- CVE-2026-31420: bridge: mrp: reject zero test interval to avoid OOM panic (bsc#1262055).
- CVE-2026-31421: net/sched: cls_fw: fix NULL pointer dereference on shared blocks (bsc#1262061).
- CVE-2026-31422: net/sched: cls_flow: fix NULL pointer dereference on shared blocks (bsc#1262054).
- CVE-2026-31423: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (bsc#1262063).
- CVE-2026-31424: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (bsc#1262053).
- CVE-2026-31425: rds: ib: reject FRMR registration before IB connection is established (bsc#1262074).
- CVE-2026-31427: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (bsc#1262086).
- CVE-2026-31428: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (bsc#1262087).
- CVE-2026-31435: netfs: Fix read abandonment during retry (bsc#1262601).
- CVE-2026-31449: ext4: validate p_idx bounds in ext4_ext_correct_indexes (bsc#1262616).
- CVE-2026-31453: xfs: avoid dereferencing log items after push callbacks (bsc#1262617).
- CVE-2026-31456: mm/pagewalk: fix race between concurrent split and refault (bsc#1262627).
- CVE-2026-31494: net: cadence: macb: Synchronize stats calculations (bsc#1262671).
- CVE-2026-31496: netfilter: nf_conntrack_expect: skip expectations in other netns via proc (bsc#1262673).
- CVE-2026-31503: udp: Fix wildcard bind conflict check when using hash2 (bsc#1263077).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263085).
- CVE-2026-31505: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (bsc#1263093).
- CVE-2026-31507: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (bsc#1263095).
- CVE-2026-31515: af_key: validate families in pfkey_send_migrate() (bsc#1262752).
- CVE-2026-31519: btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (bsc#1263012).
- CVE-2026-31525: bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (bsc#1262725).
- CVE-2026-31526: bpf: Fix exception exit lock checking for subprogs (bsc#1262662).
- CVE-2026-31528: perf: Make sure to use pmu_ctx->pmu for groups (bsc#1263001).
- CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (bsc#1262758).
- CVE-2026-31547: drm/xe: Fix missing runtime PM reference in ccs_mode_store (bsc#1263018).
- CVE-2026-31550: pmdomain: bcm: bcm2835-power: Increase ASB control timeout (bsc#1263104).
- CVE-2026-31554: futex: Require sys_futex_requeue() to have identical flags (bsc#1263107).
- CVE-2026-31565: RDMA/irdma: Fix deadlock during netdev reset with active connections (bsc#1263064).
- CVE-2026-31579: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit (bsc#1263074).
- CVE-2026-31586: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (bsc#1263176).
- CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small write values (bsc#1263165).
- CVE-2026-31644: net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() (bsc#1263048).
- CVE-2026-31649: net: stmmac: fix integer underflow in chain mode (bsc#1263582).
- CVE-2026-31658: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (bsc#1263052).
- CVE-2026-31662: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (bsc#1263131).
- CVE-2026-31666: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (bsc#1263138).
- CVE-2026-31668: seg6: separate dst_cache for input and output paths in seg6 lwtunnel (bsc#1263140).
- CVE-2026-31669: mptcp: fix slab-use-after-free in __inet_lookup_established (bsc#1263141).
- CVE-2026-31675: net/sched: sch_netem: fix out-of-bounds access in packet corruption (bsc#1263556).
- CVE-2026-31678: openvswitch: defer tunnel netdev_put to RCU release (bsc#1263562).
- CVE-2026-31679: openvswitch: validate MPLS set/set_masked payload length (bsc#1263592).
- CVE-2026-31681: netfilter: xt_multiport: validate range encoding in checkentry (bsc#1263593).
- CVE-2026-31682: bridge: br_nd_send: linearize skb before parsing ND options (bsc#1263595).
- CVE-2026-31684: net: sched: act_csum: validate nested VLAN headers (bsc#1263596).
- CVE-2026-31685: netfilter: ip6t_eui64: reject invalid MAC header for all packets (bsc#1263668).
- CVE-2026-31691: igb: remove napi_synchronize() in igb_down() (bsc#1263604).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263901).
- CVE-2026-31700: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (bsc#1263882).
- CVE-2026-31738: vxlan: validate ND option lengths in vxlan_na_create (bsc#1264059).
- CVE-2026-31787: xen/privcmd: fix double free via VMA splitting (bsc#1262181).
- CVE-2026-43009: bpf: Fix incorrect pruning due to atomic fetch precision tracking (bsc#1264014).
- CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on new expectations (bsc#1263931).
- CVE-2026-43027: netfilter: nf_conntrack_helper: pass helper to expect cleanup (bsc#1263933).
- CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
- CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach() (bsc#1264097).
- CVE-2026-43045: mshv: Refactor and rename memory region handling functions (bsc#1263942).
- CVE-2026-43050: atm: lec: fix use-after-free in sock_def_readable() (bsc#1264082).
- CVE-2026-43060: netfilter: nft_ct: drop pending enqueued packets on removal (bsc#1264183).
- CVE-2026-43082: net: txgbe: leave space for null terminators on property_entry (bsc#1264233).
- CVE-2026-43088: net: af_key: zero aligned sockaddr tail in PF_KEY exports (bsc#1264469).
- CVE-2026-43153: xfs: remove xfs_attr_leaf_hasname (bsc#1264586).
- CVE-2026-43190: netfilter: xt_tcpmss: check remaining length before reading optlen (bsc#1264848).
- CVE-2026-43265: KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() (bsc#1264427).
- CVE-2026-43329: netfilter: flowtable: strictly check for maximum number of actions (bsc#1265085).
- CVE-2026-43365: xfs: fix undersized l_iclog_roundoff values (bsc#1265119).
- CVE-2026-43366: io_uring/kbuf: check if target buffer list is still legacy on recycle (bsc#1265116).
- CVE-2026-43441: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1264674).
- CVE-2026-43494: net/rds: reset op_nents when zerocopy page pin fails (bsc#1265626).
- CVE-2026-43503: net: skbuff: propagate shared-frag marker through frag-transfer helpers (bsc#1265960).

The following non security issues were fixed:

- accel/qaic: Add overflow check to remap_pfn_range during mmap (git-fixes).
- ACPI: AGDI: fix missing newline in error message (git-fixes).
- ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug (git-fixes).
- ACPI: scan: Use acpi_dev_put() in object add error paths (git-fixes).
- ACPI: video: Add backlight=native quirk for Dell OptiPlex 7770 AIO (git-fixes).
- ACPI: video: force native backlight on HP OMEN 16 (8A44) (stable-fixes).
- ACPI: video: Move Lenovo Legion S7 15ACH6 quirk to the right section (git-fixes).
- ALSA: 6fire: Fix input volume change detection (git-fixes).
- ALSA: 6fire: fix use-after-free on disconnect (git-fixes).
- ALSA: aoa: i2sbus: clear stale prepared state (git-fixes).
- ALSA: aoa: i2sbus: fix OF node lifetime handling (git-fixes).
- ALSA: aoa: Skip devices with no codecs in i2sbus_resume() (git-fixes).
- ALSA: aoa: Use guard() for mutex locks (stable-fixes).
- ALSA: asihpi: avoid write overflow check warning (stable-fixes).
- ALSA: caiaq: Don't abort when no input device is available (git-fixes).
- ALSA: caiaq: Fix control_put() result and cache rollback (git-fixes).
- ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (git-fixes).
- ALSA: caiaq: fix usb_dev refcount leak on probe failure (git-fixes).
- ALSA: caiaq: Handle probe errors properly (git-fixes).
- ALSA: caiaq: take a reference on the USB device in create_card() (git-fixes).
- ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() (git-fixes).
- ALSA: core: Fix potential data race at fasync handling (git-fixes).
- ALSA: core: Serialize deferred fasync state checks (git-fixes).
- ALSA: core: Validate compress device numbers without dynamic minors (git-fixes).
- ALSA: ctxfi: Add fallback to default RSR for S/PDIF (git-fixes).
- ALSA: ctxfi: Fix missing SPDIFI1 index handling (stable-fixes).
- ALSA: ctxfi: Limit PTP to a single page (git-fixes).
- ALSA: firewire-tascam: Do not drop unread control events (git-fixes).
- ALSA: fireworks: bound device-supplied status before string array lookup (git-fixes).
- ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6 (stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound update (git-fixes).
- ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx (stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC (stable-fixes).
- ALSA: hda/realtek: add quirk for Framework F111:000F (stable-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10 (stable-fixes).
- ALSA: hda/realtek: fix code style (ERROR: else should follow close brace '}') (git-fixes).
- ALSA: hda: cs35l41: Put ACPI device on missing physical node (git-fixes).
- ALSA: hda: cs35l56: Propagate ASP TX source control errors (git-fixes).
- ALSA: hda: cs35l56: Put ACPI device after setting companion (git-fixes).
- ALSA: hda: Fix NULL pointer dereference in snd_hda_ctl_add() (git-fixes).
- ALSA: misc: Use guard() for spin locks (stable-fixes).
- ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger (stable-fixes).
- ALSA: pcmtest: fix reference leak on failed device registration (git-fixes).
- ALSA: pcmtest: Fix resource leaks in module init error paths (git-fixes).
- ALSA: pcmtest: Return -EFAULT on pattern read copy failure (git-fixes).
- ALSA: sc6000: Keep the programmed board state in card-private data (git-fixes).
- ALSA: scarlett2: Add missing error check when initialise Autogain Status (git-fixes).
- ALSA: scarlett2: Add missing sentinel initializer field (git-fixes).
- ALSA: seq: Notify client and port info changes (stable-fixes).
- ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes (stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP JU Jiu (stable-fixes).
- ALSA: usb-audio: Avoid false E-MU sample-rate notifications (git-fixes).
- ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Bound MIDI endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Evaluate packsize caps at the right place (git-fixes).
- ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch (git-fixes).
- ALSA: usb-audio: Fix potential leak of pd at parsing UAC3 streams (git-fixes).
- ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex (stable-fixes).
- ALSA: usb-audio: Fix UAC3 cluster descriptor size check (git-fixes).
- ALSA: usb-audio: midi2: Restart output URBs on resume (git-fixes).
- ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES (git-fixes).
- ALSA: virtio: drop an extaneous kernel-doc comment (git-fixes).
- amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2 (stable-fixes).
- ASoC: amd: acp: Add DMI quirk for Valve Steam Deck OLED (git-fixes).
- ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF (stable-fixes).
- ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product line in quirk table (stable-fixes).
- ASoC: codecs: ab8500: Fix casting of private data (git-fixes).
- ASoC: cs35l56: Destroy workqueue in probe error path (git-fixes).
- ASoC: cs35l56: Don't use devres to unregister component (git-fixes).
- ASoC: cs35l56: Fix hibernate write in runtime resume error path (git-fixes).
- ASoC: fsl_easrc: Change the type for iec958 channel status controls (git-fixes).
- ASoC: fsl_easrc: Check the variable range in fsl_easrc_iec958_put_bits() (git-fixes).
- ASoC: fsl_easrc: fix comment typo (git-fixes).
- ASoC: fsl_easrc: Fix value type in fsl_easrc_iec958_get_bits() (git-fixes).
- ASoC: fsl_micfil: Add access property for VAD Detected (git-fixes).
- ASoC: fsl_micfil: Fix event generation in hwvad_put_enable() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in hwvad_put_init_mode() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in micfil_put_dc_remover_state() (git-fixes).
- ASoC: fsl_micfil: Fix event generation in micfil_quality_set() (git-fixes).
- ASoC: fsl_xcvr: Fix event generation for cached controls (git-fixes).
- ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_arc_mode_put() (git-fixes).
- ASoC: fsl_xcvr: Fix event generation in fsl_xcvr_mode_put() (git-fixes).
- ASoC: Intel: bytcr_wm5102: Fix MCLK leak on platform_clock_control error (git-fixes).
- ASoC: qcom: q6apm-dai: reset queue ptr on trigger stop (git-fixes).
- ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens (git-fixes).
- ASoC: qcom: q6apm: move component registration to unmanaged version (git-fixes).
- ASoC: qcom: q6apm: remove child devices when apm is removed (git-fixes).
- ASoC: qcom: qdsp6: topology: check widget type before accessing data (git-fixes).
- ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list (stable-fixes).
- ASoC: SOF: compress: return the configured codec from get_params (git-fixes).
- ASoC: SOF: Don't allow pointer operations on unconfigured streams (git-fixes).
- ASoC: SOF: Intel: hda: Place check before dereference (git-fixes).
- ASoC: SOF: topology: reject invalid vendor array size in token parser (stable-fixes).
- ASoC: sti: Return errors from regmap_field_alloc() (git-fixes).
- ASoC: sti: use managed regmap_field allocations (git-fixes).
- ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J (stable-fixes).
- ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585 (stable-fixes).
- backlight: sky81452-backlight: Check return value of devm_gpiod_get_optional() in sky81452_bl_parse_dt() (git-fixes).
- batman-adv: bla: only purge non-released claims (git-fixes).
- batman-adv: bla: prevent use-after-free when deleting claims (git-fixes).
- batman-adv: bla: put backbone reference on failed claim hash insert (git-fixes).
- batman-adv: fix integer overflow on buff_pos (git-fixes).
- batman-adv: hold claim backbone gateways by reference (git-fixes).
- batman-adv: reject new tp_meter sessions during teardown (git-fixes).
- batman-adv: reject oversized global TT response buffers (git-fixes).
- batman-adv: stop caching unowned originator pointers in BAT IV (git-fixes).
- bitfield: Add FIELD_MODIFY() helper (jsc#PED-14238).
- Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (git-fixes).
- Bluetooth: btmtk: validate WMT event SKB length before struct access (git-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames (bsc#1260996).
- Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (git-fixes).
- Bluetooth: hci_event: fix memset typo (git-fixes).
- Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt (git-fixes).
- Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (git-fixes).
- Bluetooth: hci_ldisc: Clear HCI_UART_PROTO_INIT on error (git-fixes).
- Bluetooth: HIDP: serialise l2cap_unregister_user via hidp_session_sem (git-fixes).
- Bluetooth: ISO: Fix data-race on dst in iso_sock_connect() (git-fixes).
- Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (git-fixes).
- Bluetooth: l2cap: fix MPS check in l2cap_ecred_reconf_req (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() (git-fixes).
- Bluetooth: L2CAP: Fix printing wrong information if SDU length exceeds MTU (git-fixes).
- Bluetooth: RFCOMM: pull credit byte with skb_pull_data() (git-fixes).
- Bluetooth: SCO: check for codecs->num_codecs == 1 before assigning to sco_pi(sk)->codec (git-fixes).
- Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready (git-fixes).
- Bluetooth: SCO: hold sk properly in sco_conn_ready (git-fixes).
- Bluetooth: virtio_bt: clamp rx length before skb_put (git-fixes).
- Bluetooth: virtio_bt: validate rx pkt_type header length (git-fixes).
- bpf: Add third round of bounds deduction (git-fixes).
- bpf: Fix u32/s32 bounds when ranges cross min/max boundary (git-fixes).
- bpf: Improve bounds when s64 crosses sign boundary (git-fixes).
- bpf: Switch CONFIG_CFI_CLANG to CONFIG_CFI (git-fixes).
- btrfs: qgroup: update all parent qgroups when doing quick inherit (bsc#1258933).
- btrfs: reject root items with drop_progress and zero drop_level (git-fixes).
- btrfs: replace BUG() with error handling in __btrfs_balance() (git-fixes).
- bus: mhi: host: pci_generic: Switch to async power up to avoid boot delays (git-fixes).
- bus: rifsc: fix RIF configuration check for peripherals (git-fixes).
- can: mcp251x: add error handling for power enable in open and resume (stable-fixes).
- can: raw: fix ro->uniq use-after-free in raw_rcv() (git-fixes).
- can: ucan: fix devres lifetime (git-fixes).
- cdc-acm: new quirk for EPSON HMD (stable-fixes).
- check-for-config-changes: Exclude CC_MS_EXTENSIONS.
- check-for-config-changes: Exclude HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC}.
- comedi: dt2815: add hardware detection to prevent crash (stable-fixes).
- cpufreq: intel_pstate: Drop Arrow Lake from scaling factor list (bsc#1249104).
- crypto: af_alg - limit RX SG extraction by receive buffer budget (git-fixes).
- crypto: algif_aead - Fix minimum RX size check for decryption (git-fixes).
- crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup (git-fixes).
- crypto: atmel-ecc - Release client on allocation failure (git-fixes).
- crypto: atmel-sha204a - Fix error codes in OTP reads (git-fixes).
- crypto: atmel-sha204a - Fix OTP sysfs read and error handling (git-fixes).
- crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path (git-fixes).
- crypto: atmel-sha204a - Fix uninitialized data access on OTP read error (git-fixes).
- crypto: atmel-tdes - fix DMA sync direction (git-fixes).
- crypto: ccp - copy IV using skcipher ivsize (git-fixes).
- crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (git-fixes).
- crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (git-fixes).
- crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (git-fixes).
- crypto: ccree - fix a memory leak in cc_mac_digest() (git-fixes).
- crypto: drivers - Switch back to struct platform_driver::remove() (jsc#PED-14238).
- crypto: drivers - Use str_enable_disable-like helpers (jsc#PED-14238).
- crypto: hisilicon - Fix dma_unmap_single() direction (git-fixes).
- crypto: iaa - Adjust workqueue allocation type (jsc#PED-14238).
- crypto: iaa - fix per-node CPU counter reset in rebalance_wq_table() (git-fixes).
- crypto: iaa - Move compression CRC into request object (jsc#PED-14238).
- crypto: iaa - Optimize rebalance_wq_table() (jsc#PED-14238).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-14238).
- crypto: iaa - Remove unreachable pr_debug from iaa_crypto_cleanup_module (jsc#PED-14238).
- crypto: iaa - Remove unused disable_async argument from iaa_decompress (jsc#PED-14238).
- crypto: iaa - Replace sprintf with sysfs_emit in sysfs show functions (jsc#PED-14238).
- crypto: iaa - Simplify init_iaa_device() (jsc#PED-14238).
- crypto: jitterentropy - replace long-held spinlock with mutex (git-fixes).
- crypto: nx - Fix packed layout in struct nx842_crypto_header (git-fixes).
- crypto: pcrypt - Fix handling of MAY_BACKLOG requests (git-fixes).
- crypto: qat - #undef field_get() before local definition (jsc#PED-14238).
- crypto: qat - add adf_rl_get_num_svc_aes() in rate limiting (jsc#PED-14238).
- crypto: qat - add bank state save and restore for qat_420xx (jsc#PED-14238).
- crypto: qat - add command queue telemetry counters for GEN6 (jsc#PED-14238).
- crypto: qat - add compression slice count for rate limiting (jsc#PED-14238).
- crypto: qat - add decompression service for rate limiting (jsc#PED-14238).
- crypto: qat - add decompression service to telemetry (jsc#PED-14238).
- crypto: qat - add firmware headers for GEN6 devices (jsc#PED-14238).
- crypto: qat - add GEN6 firmware loader (jsc#PED-14238).
- crypto: qat - add get_svc_slice_cnt() in device data structure (jsc#PED-14238).
- crypto: qat - add live migration enablers for GEN6 devices (jsc#PED-14238).
- crypto: qat - add macro to write 64-bit values to registers (jsc#PED-14238).
- crypto: qat - add missing header inclusion (jsc#PED-14238).
- crypto: qat - add qat_6xxx driver (jsc#PED-14238).
- crypto: qat - add ring buffer idle telemetry counter for GEN6 (jsc#PED-14238).
- crypto: qat - add support for decompression service to GEN6 devices (jsc#PED-14238).
- crypto: qat - consolidate service enums (jsc#PED-14238).
- crypto: qat - Constify struct pm_status_row (jsc#PED-14238).
- crypto: qat - disable 4xxx AE cluster when lead engine is fused off (git-fixes).
- crypto: qat - disable 420xx AE cluster when lead engine is fused off (git-fixes).
- crypto: qat - do not export adf_cfg_services (jsc#PED-14238).
- crypto: qat - enable power management debugfs for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable RAS support for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable rate limiting feature for GEN6 devices (jsc#PED-14238).
- crypto: qat - enable reporting of ...

Please note that the description has been truncated due to length. Please refer to vendor advisory for the full description.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 318102

File Name: openSUSE-2026-20826-1.nasl

Version: 1.1

Type: Local

Agent: unix

Family: SuSE Local Security Checks

Published: 6/1/2026

Updated: 6/1/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.5

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:L/Au:M/C:N/I:P/A:N

CVSS Score Source: CVE-2023-2058

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2026-23395

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gfs2-kmp-default, p-cpe:/a:novell:opensuse:dtb-nvidia, p-cpe:/a:novell:opensuse:dtb-freescale, p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-rt-extra, p-cpe:/a:novell:opensuse:dtb-allwinner, p-cpe:/a:novell:opensuse:dtb-socionext, p-cpe:/a:novell:opensuse:dtb-amd, p-cpe:/a:novell:opensuse:cluster-md-kmp-default, p-cpe:/a:novell:opensuse:dtb-exynos, p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb, p-cpe:/a:novell:opensuse:dtb-mediatek, p-cpe:/a:novell:opensuse:dtb-amlogic, p-cpe:/a:novell:opensuse:cluster-md-kmp-rt, p-cpe:/a:novell:opensuse:dtb-arm, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:dtb-qcom, p-cpe:/a:novell:opensuse:dtb-sprd, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:dtb-altera, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kselftests-kmp-rt, p-cpe:/a:novell:opensuse:dlm-kmp-azure, p-cpe:/a:novell:opensuse:gfs2-kmp-rt, p-cpe:/a:novell:opensuse:kernel-64kb-optional, p-cpe:/a:novell:opensuse:kernel-rt-vdso, p-cpe:/a:novell:opensuse:dtb-hisilicon, p-cpe:/a:novell:opensuse:dtb-marvell, p-cpe:/a:novell:opensuse:kernel-azure-optional, p-cpe:/a:novell:opensuse:kernel-kvmsmall, p-cpe:/a:novell:opensuse:dlm-kmp-default, p-cpe:/a:novell:opensuse:dtb-apm, p-cpe:/a:novell:opensuse:cluster-md-kmp-azure, p-cpe:/a:novell:opensuse:dtb-renesas, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-rt, p-cpe:/a:novell:opensuse:kernel-azure-vdso, p-cpe:/a:novell:opensuse:kselftests-kmp-64kb, p-cpe:/a:novell:opensuse:kernel-kvmsmall-vdso, p-cpe:/a:novell:opensuse:ocfs2-kmp-rt, p-cpe:/a:novell:opensuse:dtb-rockchip, p-cpe:/a:novell:opensuse:gfs2-kmp-azure, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-azure, p-cpe:/a:novell:opensuse:dlm-kmp-64kb, cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:dtb-apple, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:dtb-amazon, p-cpe:/a:novell:opensuse:dlm-kmp-rt, p-cpe:/a:novell:opensuse:kernel-64kb-extra, p-cpe:/a:novell:opensuse:dtb-broadcom, p-cpe:/a:novell:opensuse:kernel-azure-extra, p-cpe:/a:novell:opensuse:kernel-zfcpdump, p-cpe:/a:novell:opensuse:dtb-cavium, p-cpe:/a:novell:opensuse:dtb-lg, p-cpe:/a:novell:opensuse:kernel-rt-optional, p-cpe:/a:novell:opensuse:kernel-default-vdso, p-cpe:/a:novell:opensuse:kselftests-kmp-default, p-cpe:/a:novell:opensuse:ocfs2-kmp-azure, p-cpe:/a:novell:opensuse:dtb-xilinx, p-cpe:/a:novell:opensuse:kernel-64kb, p-cpe:/a:novell:opensuse:kernel-default-optional, p-cpe:/a:novell:opensuse:ocfs2-kmp-default, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:gfs2-kmp-64kb, p-cpe:/a:novell:opensuse:kselftests-kmp-azure, p-cpe:/a:novell:opensuse:kernel-syms

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/28/2026

Vulnerability Publication Date: 4/14/2023

Reference Information

CVE: CVE-2023-2058, CVE-2024-14027, CVE-2025-40181, CVE-2025-40219, CVE-2025-68265, CVE-2025-68310, CVE-2025-71238, CVE-2025-71268, CVE-2025-71269, CVE-2025-71302, CVE-2026-23168, CVE-2026-23209, CVE-2026-23236, CVE-2026-23237, CVE-2026-23245, CVE-2026-23246, CVE-2026-23253, CVE-2026-23260, CVE-2026-23261, CVE-2026-23264, CVE-2026-23266, CVE-2026-23268, CVE-2026-23269, CVE-2026-23271, CVE-2026-23273, CVE-2026-23276, CVE-2026-23279, CVE-2026-23290, CVE-2026-23291, CVE-2026-23298, CVE-2026-23300, CVE-2026-23307, CVE-2026-23312, CVE-2026-23313, CVE-2026-23315, CVE-2026-23316, CVE-2026-23317, CVE-2026-23318, CVE-2026-23321, CVE-2026-23324, CVE-2026-23325, CVE-2026-23334, CVE-2026-23336, CVE-2026-23339, CVE-2026-23340, CVE-2026-23346, CVE-2026-23347, CVE-2026-23351, CVE-2026-23354, CVE-2026-23357, CVE-2026-23360, CVE-2026-23362, CVE-2026-23363, CVE-2026-23365, CVE-2026-23367, CVE-2026-23368, CVE-2026-23369, CVE-2026-23370, CVE-2026-23372, CVE-2026-23373, CVE-2026-23374, CVE-2026-23375, CVE-2026-23378, CVE-2026-23382, CVE-2026-23387, CVE-2026-23391, CVE-2026-23392, CVE-2026-23395, CVE-2026-23396, CVE-2026-23397, CVE-2026-23399, CVE-2026-23401, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411, CVE-2026-23417, CVE-2026-23418, CVE-2026-23420, CVE-2026-23426, CVE-2026-23434, CVE-2026-23436, CVE-2026-23437, CVE-2026-23440, CVE-2026-23441, CVE-2026-23442, CVE-2026-23443, CVE-2026-23445, CVE-2026-23446, CVE-2026-23447, CVE-2026-23448, CVE-2026-23449, CVE-2026-23450, CVE-2026-23452, CVE-2026-23454, CVE-2026-23455, CVE-2026-23456, CVE-2026-23457, CVE-2026-23458, CVE-2026-23460, CVE-2026-23461, CVE-2026-23462, CVE-2026-23463, CVE-2026-23464, CVE-2026-23465, CVE-2026-23466, CVE-2026-23468, CVE-2026-23470, CVE-2026-23472, CVE-2026-23474, CVE-2026-23475, CVE-2026-31389, CVE-2026-31392, CVE-2026-31393, CVE-2026-31394, CVE-2026-31395, CVE-2026-31400, CVE-2026-31402, CVE-2026-31403, CVE-2026-31405, CVE-2026-31406, CVE-2026-31407, CVE-2026-31408, CVE-2026-31411, CVE-2026-31412, CVE-2026-31415, CVE-2026-31416, CVE-2026-31417, CVE-2026-31420, CVE-2026-31421, CVE-2026-31422, CVE-2026-31423, CVE-2026-31424, CVE-2026-31425, CVE-2026-31426, CVE-2026-31427, CVE-2026-31428, CVE-2026-31435, CVE-2026-31449, CVE-2026-31453, CVE-2026-31456, CVE-2026-31470, CVE-2026-31494, CVE-2026-31496, CVE-2026-31503, CVE-2026-31504, CVE-2026-31505, CVE-2026-31507, CVE-2026-31515, CVE-2026-31519, CVE-2026-31525, CVE-2026-31526, CVE-2026-31528, CVE-2026-31533, CVE-2026-31547, CVE-2026-31550, CVE-2026-31554, CVE-2026-31565, CVE-2026-31579, CVE-2026-31586, CVE-2026-31588, CVE-2026-31644, CVE-2026-31649, CVE-2026-31658, CVE-2026-31662, CVE-2026-31666, CVE-2026-31668, CVE-2026-31669, CVE-2026-31675, CVE-2026-31678, CVE-2026-31679, CVE-2026-31681, CVE-2026-31682, CVE-2026-31684, CVE-2026-31685, CVE-2026-31691, CVE-2026-31694, CVE-2026-31700, CVE-2026-31738, CVE-2026-31787, CVE-2026-43009, CVE-2026-43025, CVE-2026-43027, CVE-2026-43037, CVE-2026-43038, CVE-2026-43045, CVE-2026-43050, CVE-2026-43060, CVE-2026-43082, CVE-2026-43088, CVE-2026-43153, CVE-2026-43190, CVE-2026-43265, CVE-2026-43329, CVE-2026-43365, CVE-2026-43366, CVE-2026-43441, CVE-2026-43494, CVE-2026-43503, CVE-2026-46333

Detections

Analytics