SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2450-1)

medium Nessus Plugin ID 321690

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2450-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2025-10263: arm64: Add workaround for Cortex-A76 erratum 1286807 (bsc#1266290).
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-68822: Input: alps - fix use-after-free bugs caused by dev3_register_work (bsc#1256668).
- CVE-2026-3150: bcache: fix cached_dev.sb_bio use-after-free and crash (bsc#1263169).
- CVE-2026-23271: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (bsc#1260018).
- CVE-2026-23279: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (bsc#1260468).
- CVE-2026-23303: smb: client: Don't log plaintext credentials in cifs_set_cifscreds (bsc#1260502).
- CVE-2026-23367: wifi: radiotap: reject radiotap with unknown bits (bsc#1260731).
- CVE-2026-23396: wifi: mac80211: fix NULL deref in mesh_matches_local() (bsc#1260729).
- CVE-2026-23444: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure (bsc#1266307).
- CVE-2026-23448: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (bsc#1261750).
- CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables (bsc#1261700).
- CVE-2026-31415: ipv6: avoid overflows in ip6_datagram_send_ctl() (bsc#1262099).
- CVE-2026-31421: net/sched: cls_fw: fix NULL pointer dereference on shared blocks (bsc#1262061).
- CVE-2026-31447: ext4: reject mount if bigalloc with s_first_data_block != 0 (bsc#1262614).
- CVE-2026-31452: ext4: convert inline data to extents when truncate exceeds inline size (bsc#1262620).
- CVE-2026-31464: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (bsc#1262656).
- CVE-2026-31469: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (bsc#1267816).
- CVE-2026-31498: Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (bsc#1262751).
- CVE-2026-31500: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (bsc#1262993).
- CVE-2026-31515: af_key: validate families in pfkey_send_migrate() (bsc#1262752).
- CVE-2026-31516: xfrm: prevent policy_hthresh.work from racing with netns teardown (bsc#1262755).
- CVE-2026-31532: can: af_can: export can_sock_destruct() (bsc#1262757).
- CVE-2026-31540: drm/i915/gt: Check set_default_submission() before deferencing (bsc#1263011).
- CVE-2026-31546: net: bonding: fix NULL deref in bond_debug_rlb_hash_show (bsc#1263006).
- CVE-2026-31588: KVM: x86: Use scratch field in MMIO fragment to hold small write values (bsc#1263165).
- CVE-2026-31590: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (bsc#1263152).
- CVE-2026-31596: ocfs2: handle invalid dinode in ocfs2_group_extend (bsc#1263319).
- CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).
- CVE-2026-31664: string.h: Introduce memset_after() for wiping trailing members/padding (bsc#1263578).
- CVE-2026-31668: seg6: separate dst_cache for input and output paths in seg6 lwtunnel (bsc#1263140).
- CVE-2026-31671: xfrm_user: fix info leak in build_report() (bsc#1263115).
- CVE-2026-31673: af_unix: read UNIX_DIAG_VFS data under unix_state_lock (bsc#1263143).
- CVE-2026-31674: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (bsc#1263568).
- CVE-2026-31678: openvswitch: defer tunnel netdev_put to RCU release (bsc#1263562).
- CVE-2026-31759: usb: ulpi: fix double free in ulpi_register_interface() error path (bsc#1264076).
- CVE-2026-31778: ALSA: caiaq: fix stack out-of-bounds read in init_card (bsc#1263923).
- CVE-2026-43020: Bluetooth: MGMT: validate LTK enc_size on load (bsc#1264006).
- CVE-2026-43024: netfilter: nf_tables: reject immediate NF_QUEUE verdict (bsc#1263930).
- CVE-2026-43026: netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (bsc#1263932).
- CVE-2026-43028: netfilter: x_tables: ensure names are nul-terminated (bsc#1263934).
- CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
- CVE-2026-43038: ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach() (bsc#1264097).
- CVE-2026-43040: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (bsc#1264091).
- CVE-2026-43052: wifi: mac80211: check tdls flag in ieee80211_tdls_oper (bsc#1263945).
- CVE-2026-43077: crypto: algif_aead - Fix minimum RX size check for decryption (bsc#1264470).
- CVE-2026-43140: HID: magicmouse: Do not crash on missing msc->input (bsc#1264630).
- CVE-2026-43158: xfs: fix freemap adjustments when adding xattrs to leaf blocks (bsc#1264595).
- CVE-2026-43187: xfs: delete attr leaf freemap entries when empty (bsc#1264603).
- CVE-2026-43198: tcp: fix potential race in tcp_v6_syn_recv_sock() (bsc#1264610).
- CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).
- CVE-2026-43234: team: avoid NETDEV_CHANGEMTU event when unregistering slave (bsc#1264409).
- CVE-2026-43338: btrfs: reserve enough transaction items for qgroup ioctls (bsc#1264716).
- CVE-2026-43339: ipv6: prevent possible UaF in addrconf_permanent_addr() (bsc#1264763).
- CVE-2026-43359: btrfs: fix transaction abort on set received ioctl due to item overflow (bsc#1264719).
- CVE-2026-43361: btrfs: fix transaction abort when snapshotting received subvolumes (bsc#1264722).
- CVE-2026-43407: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (bsc#1265020).
- CVE-2026-43413: scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1264671).
- CVE-2026-43414: scsi: qla2xxx: Completely fix fcport double free (bsc#1264669).
- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
- CVE-2026-43503: net: skbuff: propagate shared-frag marker through frag-transfer helpers (bsc#1265960).
- CVE-2026-45835: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() (bsc#1266411).
- CVE-2026-45841: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO (bsc#1266390).
- CVE-2026-45842: slip: reject VJ receive packets on instances with no rstate array (bsc#1266400).
- CVE-2026-45843: slip: bound decode() reads against the compressed packet length (bsc#1266395).
- CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
- CVE-2026-45870: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths (bsc#1266704).
- CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267205).
- CVE-2026-45983: nfsd: never defer requests during idmap lookup (bsc#1266697).
- CVE-2026-46021: thermal: core: Fix thermal zone governor cleanup issues (bsc#1267220).
- CVE-2026-46024: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (bsc#1267218).
- CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
- CVE-2026-46090: ALSA: aloop: Fix peer runtime UAF during format-change stop (bsc#1267531).
- CVE-2026-46113: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (bsc#1266969).
- CVE-2026-46116: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (bsc#1267369).
- CVE-2026-46150: fanotify: fix false positive on permission events (bsc#1267387).
- CVE-2026-46157: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger (bsc#1267726).
- CVE-2026-46159: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (bsc#1267652).
- CVE-2026-46160: btrfs: fix missing last_unlink_trans update when removing a directory (bsc#1267624).
- CVE-2026-46169: hfsplus: fix uninit-value by validating catalog record size (bsc#1267713).
- CVE-2026-46181: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (bsc#1266826).
- CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).
- CVE-2026-46259: procfs: fix missing RCU protection when reading real_parent in do_task_stat() (bsc#1267685).
- CVE-2026-46273: ibmveth: Disable GSO for packets with small MSS (bsc#1267651).

The following non-security issues were fixed:

- arm64: tlb: Allow XZR argument to TLBI ops (git-fixes).
- arm64: tlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI (git-fixes).
- bcache: fix uninitialized closure object (git-fixes).
- check-for-config-changes: Exclude CC_MS_EXTENSIONS.
- check-for-config-changes: Exclude HAVE_CFI_ICALL_NORMALIZE_INTEGERS{,_RUSTC}.
- kvm/svm: PKU not currently supported (bsc#1263887).
- KVM: x86: Handle PKU CPUID adjustment in VMX code (bsc#1263887).
- mkspec: Add signature to source list only when it exists.
- net/sched: cls_fw: fix NULL dereference of 'old' filters before change() (git-fixes).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1255084

https://bugzilla.suse.com/1255416

https://bugzilla.suse.com/1256668

https://bugzilla.suse.com/1258538

https://bugzilla.suse.com/1260018

https://bugzilla.suse.com/1260468

https://bugzilla.suse.com/1260502

https://bugzilla.suse.com/1260729

https://bugzilla.suse.com/1260731

https://bugzilla.suse.com/1261700

https://bugzilla.suse.com/1261750

https://bugzilla.suse.com/1262061

https://bugzilla.suse.com/1262099

https://bugzilla.suse.com/1262614

https://bugzilla.suse.com/1262620

https://bugzilla.suse.com/1262656

https://bugzilla.suse.com/1262751

https://bugzilla.suse.com/1262752

https://bugzilla.suse.com/1262755

https://bugzilla.suse.com/1262757

https://bugzilla.suse.com/1262993

https://bugzilla.suse.com/1263006

https://bugzilla.suse.com/1263011

https://bugzilla.suse.com/1263012

https://bugzilla.suse.com/1263115

https://bugzilla.suse.com/1263140

https://bugzilla.suse.com/1263143

https://bugzilla.suse.com/1263152

https://bugzilla.suse.com/1263165

https://bugzilla.suse.com/1263169

https://bugzilla.suse.com/1263319

https://bugzilla.suse.com/1263562

https://bugzilla.suse.com/1263568

https://bugzilla.suse.com/1263578

https://bugzilla.suse.com/1263790

https://bugzilla.suse.com/1263887

https://bugzilla.suse.com/1263923

https://bugzilla.suse.com/1263930

https://bugzilla.suse.com/1263932

https://bugzilla.suse.com/1263934

https://bugzilla.suse.com/1263945

https://bugzilla.suse.com/1263995

https://bugzilla.suse.com/1264006

https://bugzilla.suse.com/1264076

https://bugzilla.suse.com/1264091

https://bugzilla.suse.com/1264097

https://bugzilla.suse.com/1264409

https://bugzilla.suse.com/1264470

https://bugzilla.suse.com/1264551

https://bugzilla.suse.com/1264595

https://bugzilla.suse.com/1264603

https://bugzilla.suse.com/1264610

https://bugzilla.suse.com/1264630

https://bugzilla.suse.com/1264669

https://bugzilla.suse.com/1264671

https://bugzilla.suse.com/1264716

https://bugzilla.suse.com/1264719

https://bugzilla.suse.com/1264722

https://bugzilla.suse.com/1264763

https://bugzilla.suse.com/1265020

https://bugzilla.suse.com/1265456

https://bugzilla.suse.com/1265960

https://bugzilla.suse.com/1266001

https://bugzilla.suse.com/1266214

https://bugzilla.suse.com/1266238

https://bugzilla.suse.com/1266290

https://bugzilla.suse.com/1266307

https://bugzilla.suse.com/1266390

https://bugzilla.suse.com/1266395

https://bugzilla.suse.com/1266400

https://bugzilla.suse.com/1266411

https://bugzilla.suse.com/1266697

https://bugzilla.suse.com/1266704

https://bugzilla.suse.com/1266711

https://bugzilla.suse.com/1266826

https://bugzilla.suse.com/1266901

https://bugzilla.suse.com/1266969

https://bugzilla.suse.com/1267205

https://bugzilla.suse.com/1267218

https://bugzilla.suse.com/1267220

https://bugzilla.suse.com/1267369

https://bugzilla.suse.com/1267387

https://bugzilla.suse.com/1267531

https://bugzilla.suse.com/1267624

https://bugzilla.suse.com/1267651

https://bugzilla.suse.com/1267652

https://bugzilla.suse.com/1267685

https://bugzilla.suse.com/1267713

https://bugzilla.suse.com/1267726

https://bugzilla.suse.com/1267732

https://bugzilla.suse.com/1267816

http://www.nessus.org/u?bdb1f293

https://www.suse.com/security/cve/CVE-2025-10263

https://www.suse.com/security/cve/CVE-2025-40253

https://www.suse.com/security/cve/CVE-2025-68324

https://www.suse.com/security/cve/CVE-2025-68822

https://www.suse.com/security/cve/CVE-2026-23271

https://www.suse.com/security/cve/CVE-2026-23279

https://www.suse.com/security/cve/CVE-2026-23303

https://www.suse.com/security/cve/CVE-2026-23367

https://www.suse.com/security/cve/CVE-2026-23396

https://www.suse.com/security/cve/CVE-2026-23444

https://www.suse.com/security/cve/CVE-2026-23448

https://www.suse.com/security/cve/CVE-2026-31405

https://www.suse.com/security/cve/CVE-2026-31415

https://www.suse.com/security/cve/CVE-2026-31421

https://www.suse.com/security/cve/CVE-2026-31447

https://www.suse.com/security/cve/CVE-2026-31452

https://www.suse.com/security/cve/CVE-2026-31464

https://www.suse.com/security/cve/CVE-2026-31469

https://www.suse.com/security/cve/CVE-2026-31498

https://www.suse.com/security/cve/CVE-2026-3150

https://www.suse.com/security/cve/CVE-2026-31500

https://www.suse.com/security/cve/CVE-2026-31515

https://www.suse.com/security/cve/CVE-2026-31516

https://www.suse.com/security/cve/CVE-2026-31532

https://www.suse.com/security/cve/CVE-2026-31540

https://www.suse.com/security/cve/CVE-2026-31546

https://www.suse.com/security/cve/CVE-2026-31588

https://www.suse.com/security/cve/CVE-2026-31590

https://www.suse.com/security/cve/CVE-2026-31596

https://www.suse.com/security/cve/CVE-2026-31629

https://www.suse.com/security/cve/CVE-2026-31664

https://www.suse.com/security/cve/CVE-2026-31668

https://www.suse.com/security/cve/CVE-2026-31671

https://www.suse.com/security/cve/CVE-2026-31673

https://www.suse.com/security/cve/CVE-2026-31674

https://www.suse.com/security/cve/CVE-2026-31678

https://www.suse.com/security/cve/CVE-2026-31759

https://www.suse.com/security/cve/CVE-2026-31778

https://www.suse.com/security/cve/CVE-2026-43020

https://www.suse.com/security/cve/CVE-2026-43024

https://www.suse.com/security/cve/CVE-2026-43026

https://www.suse.com/security/cve/CVE-2026-43028

https://www.suse.com/security/cve/CVE-2026-43037

https://www.suse.com/security/cve/CVE-2026-43038

https://www.suse.com/security/cve/CVE-2026-43040

https://www.suse.com/security/cve/CVE-2026-43052

https://www.suse.com/security/cve/CVE-2026-43077

https://www.suse.com/security/cve/CVE-2026-43140

https://www.suse.com/security/cve/CVE-2026-43158

https://www.suse.com/security/cve/CVE-2026-43187

https://www.suse.com/security/cve/CVE-2026-43198

https://www.suse.com/security/cve/CVE-2026-43206

https://www.suse.com/security/cve/CVE-2026-43234

https://www.suse.com/security/cve/CVE-2026-43338

https://www.suse.com/security/cve/CVE-2026-43339

https://www.suse.com/security/cve/CVE-2026-43359

https://www.suse.com/security/cve/CVE-2026-43361

https://www.suse.com/security/cve/CVE-2026-43407

https://www.suse.com/security/cve/CVE-2026-43413

https://www.suse.com/security/cve/CVE-2026-43414

https://www.suse.com/security/cve/CVE-2026-43499

https://www.suse.com/security/cve/CVE-2026-43503

https://www.suse.com/security/cve/CVE-2026-45835

https://www.suse.com/security/cve/CVE-2026-45841

https://www.suse.com/security/cve/CVE-2026-45842

https://www.suse.com/security/cve/CVE-2026-45843

https://www.suse.com/security/cve/CVE-2026-45852

https://www.suse.com/security/cve/CVE-2026-45870

https://www.suse.com/security/cve/CVE-2026-45970

https://www.suse.com/security/cve/CVE-2026-45983

https://www.suse.com/security/cve/CVE-2026-46021

https://www.suse.com/security/cve/CVE-2026-46024

https://www.suse.com/security/cve/CVE-2026-46043

https://www.suse.com/security/cve/CVE-2026-46090

https://www.suse.com/security/cve/CVE-2026-46113

https://www.suse.com/security/cve/CVE-2026-46116

https://www.suse.com/security/cve/CVE-2026-46150

https://www.suse.com/security/cve/CVE-2026-46157

https://www.suse.com/security/cve/CVE-2026-46159

https://www.suse.com/security/cve/CVE-2026-46160

https://www.suse.com/security/cve/CVE-2026-46169

https://www.suse.com/security/cve/CVE-2026-46181

https://www.suse.com/security/cve/CVE-2026-46259

https://www.suse.com/security/cve/CVE-2026-46273

Plugin Details

Severity: Medium

ID: 321690

File Name: suse_SU-2026-2450-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/20/2026

Updated: 6/20/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2026-3150

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 5.3

Threat Score: 2.1

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_317-default, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/18/2026

Vulnerability Publication Date: 12/4/2025

Reference Information

CVE: CVE-2025-10263, CVE-2025-40253, CVE-2025-68324, CVE-2025-68822, CVE-2026-23271, CVE-2026-23279, CVE-2026-23303, CVE-2026-23367, CVE-2026-23396, CVE-2026-23444, CVE-2026-23448, CVE-2026-31405, CVE-2026-31415, CVE-2026-31421, CVE-2026-31447, CVE-2026-31452, CVE-2026-31464, CVE-2026-31469, CVE-2026-31498, CVE-2026-3150, CVE-2026-31500, CVE-2026-31515, CVE-2026-31516, CVE-2026-31532, CVE-2026-31540, CVE-2026-31546, CVE-2026-31588, CVE-2026-31590, CVE-2026-31596, CVE-2026-31629, CVE-2026-31664, CVE-2026-31668, CVE-2026-31671, CVE-2026-31673, CVE-2026-31674, CVE-2026-31678, CVE-2026-31759, CVE-2026-31778, CVE-2026-43020, CVE-2026-43024, CVE-2026-43026, CVE-2026-43028, CVE-2026-43037, CVE-2026-43038, CVE-2026-43040, CVE-2026-43052, CVE-2026-43077, CVE-2026-43140, CVE-2026-43158, CVE-2026-43187, CVE-2026-43198, CVE-2026-43206, CVE-2026-43234, CVE-2026-43338, CVE-2026-43339, CVE-2026-43359, CVE-2026-43361, CVE-2026-43407, CVE-2026-43413, CVE-2026-43414, CVE-2026-43499, CVE-2026-43503, CVE-2026-45835, CVE-2026-45841, CVE-2026-45842, CVE-2026-45843, CVE-2026-45852, CVE-2026-45870, CVE-2026-45970, CVE-2026-45983, CVE-2026-46021, CVE-2026-46024, CVE-2026-46043, CVE-2026-46090, CVE-2026-46113, CVE-2026-46116, CVE-2026-46150, CVE-2026-46157, CVE-2026-46159, CVE-2026-46160, CVE-2026-46169, CVE-2026-46181, CVE-2026-46259, CVE-2026-46273

SuSE: SUSE-SU-2026:2450-1