SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:2638-1)

Severity: High, Nessus Plugin ID 323029

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2638-1 advisory.

The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues.

The following security issues were fixed:

- CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs (bsc#1266290).
- CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work (bsc#1255416).
- CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1260531).
- CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (bsc#1262663).
- CVE-2026-31500: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (bsc#1262993).
- CVE-2026-31613: smb: client: fix OOB reads parsing symlink error response (bsc#1263769).
- CVE-2026-31697: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (bsc#1264116).
- CVE-2026-31698: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (bsc#1263880).
- CVE-2026-31699: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (bsc#1263879).
- CVE-2026-31759: usb: ulpi: fix double free in ulpi_register_interface() error path (bsc#1264076).
- CVE-2026-43077: crypto: algif_aead - Fix minimum RX size check for decryption (bsc#1264470).
- CVE-2026-43198: tcp: fix potential race in tcp_v6_syn_recv_sock() (bsc#1264610).
- CVE-2026-45984: gfs2: Move the inode glock locking to gfs2_file_buffered_write (bsc#1267214).
- CVE-2026-46037: ipv4: icmp: validate reply type before using icmp_pointers (bsc#1267361).
- CVE-2026-46116: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (bsc#1267369).
- CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink() (bsc#1267640).
- CVE-2026-46123: Bluetooth: virtio_bt: clamp rx length before skb_put (bsc#1267621).
- CVE-2026-46150: fanotify: fix false positive on permission events (bsc#1267387).
- CVE-2026-46159: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (bsc#1267652).
- CVE-2026-46197: drm/amdkfd: validate SVM ioctl nattr against buffer size (bsc#1267381).
- CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267697).

The following non-security issues were fixed:

- smb: client: correctly handle ErrorContextData as a flexible array (git-fixes).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1255416

https://bugzilla.suse.com/1258538

https://bugzilla.suse.com/1260531

https://bugzilla.suse.com/1262663

https://bugzilla.suse.com/1262993

https://bugzilla.suse.com/1263769

https://bugzilla.suse.com/1263879

https://bugzilla.suse.com/1263880

https://bugzilla.suse.com/1264076

https://bugzilla.suse.com/1264116

https://bugzilla.suse.com/1264470

https://bugzilla.suse.com/1264610

https://bugzilla.suse.com/1266214

https://bugzilla.suse.com/1266290

https://bugzilla.suse.com/1267214

https://bugzilla.suse.com/1267361

https://bugzilla.suse.com/1267369

https://bugzilla.suse.com/1267381

https://bugzilla.suse.com/1267387

https://bugzilla.suse.com/1267621

https://bugzilla.suse.com/1267640

https://bugzilla.suse.com/1267652

https://bugzilla.suse.com/1267697

https://lists.suse.com/pipermail/sle-updates/2026-June/047641.html

https://www.suse.com/security/cve/CVE-2025-10263

https://www.suse.com/security/cve/CVE-2025-68324

https://www.suse.com/security/cve/CVE-2026-23392

https://www.suse.com/security/cve/CVE-2026-31473

https://www.suse.com/security/cve/CVE-2026-31500

https://www.suse.com/security/cve/CVE-2026-31613

https://www.suse.com/security/cve/CVE-2026-31697

https://www.suse.com/security/cve/CVE-2026-31698

https://www.suse.com/security/cve/CVE-2026-31699

https://www.suse.com/security/cve/CVE-2026-31759

https://www.suse.com/security/cve/CVE-2026-43077

https://www.suse.com/security/cve/CVE-2026-43198

https://www.suse.com/security/cve/CVE-2026-45984

https://www.suse.com/security/cve/CVE-2026-46037

https://www.suse.com/security/cve/CVE-2026-46116

https://www.suse.com/security/cve/CVE-2026-46120

https://www.suse.com/security/cve/CVE-2026-46123

https://www.suse.com/security/cve/CVE-2026-46150

https://www.suse.com/security/cve/CVE-2026-46159

https://www.suse.com/security/cve/CVE-2026-46197

https://www.suse.com/security/cve/CVE-2026-46227

Plugin Details

Severity: High

ID: 323029

File Name: suse_SU-2026-2638-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/26/2026

Updated: 6/26/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-31759

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-livepatch-5_14_21-150400_24_225-default, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/26/2026

Vulnerability Publication Date: 12/18/2025

Reference Information

CVE: CVE-2025-10263, CVE-2025-68324, CVE-2026-23392, CVE-2026-31473, CVE-2026-31500, CVE-2026-31613, CVE-2026-31697, CVE-2026-31698, CVE-2026-31699, CVE-2026-31759, CVE-2026-43077, CVE-2026-43198, CVE-2026-45984, CVE-2026-46037, CVE-2026-46116, CVE-2026-46120, CVE-2026-46123, CVE-2026-46150, CVE-2026-46159, CVE-2026-46197, CVE-2026-46227

SuSE: SUSE-SU-2026:2638-1