SUSE SLED15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:2482-1)

high Nessus Plugin ID 323086

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2482-1 advisory.

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235).
- CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work (bsc#1255416).
- CVE-2026-3150: bcache: fix cached_dev.sb_bio use-after-free and crash (bsc#1263169).
- CVE-2026-23303: smb: client: Don't log plaintext credentials in cifs_set_cifscreds (bsc#1260502).
- CVE-2026-23327: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() (bsc#1260548).
- CVE-2026-23359: bpf: Fix stack-out-of-bounds write in devmap (bsc#1260584).
- CVE-2026-23438: net: mvpp2: guard flow control update with global_tx_fc in buffer switching (bsc#1261619).
- CVE-2026-23444: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure (bsc#1266307).
- CVE-2026-31396: net: macb: fix use-after-free access to PTP clock (bsc#1261791).
- CVE-2026-31446: ext4: fix use-after-free in update_super_work when racing with umount (bsc#1262619).
- CVE-2026-31448: ext4: avoid infinite loops caused by residual data (bsc#1262622).
- CVE-2026-31454: xfs: save ailp before dropping the AIL lock in push callbacks (bsc#1262624).
- CVE-2026-31455: xfs: stop reclaim before pushing AIL during unmount (bsc#1262615).
- CVE-2026-31464: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (bsc#1262656).
- CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (bsc#1262663).
- CVE-2026-31480: tracing: Fix potential deadlock in cpu hotplug with osnoise (bsc#1262634).
- CVE-2026-31493: RDMA/efa: Fix use of completion ctx after free (bsc#1262668).
- CVE-2026-31516: xfrm: prevent policy_hthresh.work from racing with netns teardown (bsc#1262755).
- CVE-2026-31518: esp: fix skb leak with espintcp and async crypto (bsc#1262606).
- CVE-2026-31546: net: bonding: fix NULL deref in bond_debug_rlb_hash_show (bsc#1263006).
- CVE-2026-31590: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (bsc#1263152).
- CVE-2026-31591: KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish (bsc#1263122).
- CVE-2026-31596: ocfs2: handle invalid dinode in ocfs2_group_extend (bsc#1263319).
- CVE-2026-31613: smb: client: fix OOB reads parsing symlink error response (bsc#1263769).
- CVE-2026-31614: smb: client: fix off-by-8 bounds check in check_wsl_eas() (bsc#1263774).
- CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).
- CVE-2026-31655: pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (bsc#1263724).
- CVE-2026-31671: xfrm_user: fix info leak in build_report() (bsc#1263115).
- CVE-2026-31673: af_unix: read UNIX_DIAG_VFS data under unix_state_lock (bsc#1263143).
- CVE-2026-31678: openvswitch: defer tunnel netdev_put to RCU release (bsc#1263562).
- CVE-2026-31703: writeback: Fix use after free in inode_switch_wbs_work_fn() (bsc#1263883).
- CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release (bsc#1264093).
- CVE-2026-31767: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (bsc#1264124).
- CVE-2026-31774: io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() (bsc#1264040).
- CVE-2026-43013: net/mlx5: lag: Check for LAG device before creating debugfs (bsc#1264011).
- CVE-2026-43026: netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (bsc#1263932).
- CVE-2026-43030: bpf: Fix regsafe() for pointers to packet (bsc#1264000).
- CVE-2026-43040: net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info- leak (bsc#1264091).
- CVE-2026-43052: wifi: mac80211: check tdls flag in ieee80211_tdls_oper (bsc#1263945).
- CVE-2026-43054: scsi: target: tcm_loop: Drain commands in target_reset handler (bsc#1264063).
- CVE-2026-43059: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (bsc#1264184).
- CVE-2026-43065: ext4: always drain queued discard work in ext4_mb_release() (bsc#1264243).
- CVE-2026-43066: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (bsc#1264245).
- CVE-2026-43068: ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (bsc#1264255).
- CVE-2026-43109: x86: shadow stacks: proper error handling for mmap lock (bsc#1264484).
- CVE-2026-43150: perf/arm-cmn: Ensure dtm_idx is big enough (bsc#1264415).
- CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).
- CVE-2026-43234: team: avoid NETDEV_CHANGEMTU event when unregistering slave (bsc#1264409).
- CVE-2026-43249: 9p/xen: protect xen_9pfs_front_free against concurrent calls (bsc#1264476).
- CVE-2026-43252: mptcp: pm: in-kernel: always set ID as avail when rm endp (bsc#1264300).
- CVE-2026-43261: arm64: Add support for TSV110 Spectre-BHB mitigation (bsc#1264430).
- CVE-2026-43296: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky (bsc#1264805).
- CVE-2026-43325: wifi: iwlwifi: mvm: don't send a 6E related command when not supported (bsc#1265110).
- CVE-2026-43333: bpf: reject direct access to nullable PTR_TO_BUF pointers (bsc#1264726).
- CVE-2026-43338: btrfs: reserve enough transaction items for qgroup ioctls (bsc#1264716).
- CVE-2026-43341: net/ipv6: ioam6: prevent schema length wraparound in trace fill (bsc#1265044).
- CVE-2026-43359: btrfs: fix transaction abort on set received ioctl due to item overflow (bsc#1264719).
- CVE-2026-43360: btrfs: fix transaction abort on file creation due to name hash collision (bsc#1264720).
- CVE-2026-43361: btrfs: fix transaction abort when snapshotting received subvolumes (bsc#1264722).
- CVE-2026-43362: smb: client: fix in-place encryption corruption in SMB2_write() (bsc#1264989).
- CVE-2026-43406: libceph: prevent potential out-of-bounds reads in process_message_header() (bsc#1265073).
- CVE-2026-43407: libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (bsc#1265020).
- CVE-2026-43411: tipc: fix divide-by-zero in tipc_sk_filter_connect() (bsc#1264672).
- CVE-2026-43413: scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1264671).
- CVE-2026-43414: scsi: qla2xxx: Completely fix fcport double free (bsc#1264669).
- CVE-2026-43455: net: mctp: Ensure keys maintain only one ref to corresponding dev (bsc#1264765).
- CVE-2026-43470: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir (bsc#1265128).
- CVE-2026-43483: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (bsc#1265240).
- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
- CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266009).
- CVE-2026-45842: slip: reject VJ receive packets on instances with no rstate array (bsc#1266400).
- CVE-2026-45843: slip: bound decode() reads against the compressed packet length (bsc#1266395).
- CVE-2026-45846: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() (bsc#1266394).
- CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
- CVE-2026-45856: RDMA/uverbs: Validate wqe_size before using it in ib_uverbs_post_send (bsc#1266720).
- CVE-2026-45878: drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 (bsc#1266767).
- CVE-2026-45886: bpf: Fix bpf_xdp_store_bytes proto for read-only arg (bsc#1266810).
- CVE-2026-45898: RDMA/iwcm: Fix workqueue list corruption by removing work_list (bsc#1266888).
- CVE-2026-45910: RDMA/rxe: Fix race condition in QP timer handlers (bsc#1266889).
- CVE-2026-45932: bpf: Fix tcx/netkit detach permissions when prog fd isn't given (bsc#1266827).
- CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267205).
- CVE-2026-45983: nfsd: never defer requests during idmap lookup (bsc#1266697).
- CVE-2026-45984: gfs2: Add metapath_dibh helper (bsc#1267214).
- CVE-2026-46004: ALSA: caiaq: Handle probe errors properly (bsc#1267222).
- CVE-2026-46021: thermal: core: Fix thermal zone governor cleanup issues (bsc#1267220).
- CVE-2026-46024: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (bsc#1267218).
- CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
- CVE-2026-46079: rbd: fix null-ptr-deref when device_add_disk() fails (bsc#1266452).
- CVE-2026-46083: spi: fix resource leaks on device setup failure (bsc#1266696).
- CVE-2026-46090: ALSA: aloop: Use guard() for spin locks (bsc#1267531).
- CVE-2026-46094: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (bsc#1266927).
- CVE-2026-46110: net: stmmac: rename STMMAC_GET_ENTRY() -> STMMAC_NEXT_ENTRY() (bsc#1266759).
- CVE-2026-46111: Bluetooth: hci_conn: fix potential UAF in create_big_sync (bsc#1267626).
- CVE-2026-46113: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (bsc#1266969).
- CVE-2026-46114: RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads (bsc#1266972).
- CVE-2026-46157: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger (bsc#1267726).
- CVE-2026-46159: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (bsc#1267652).
- CVE-2026-46176: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() (bsc#1266816).
- CVE-2026-46181: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (bsc#1266826).
- CVE-2026-46209: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (bsc#1267663).
- CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).

The following non security issues were fixed:

- accel/ivpu: Add buffer overflow check in MS get_info_ioctl (git-fixes).
- ACPI: x86: cmos_rtc: Clean up address space handler driver (stable-fixes).
- ACPI: x86: cmos_rtc: Improve coordination with ACPI TAD driver (git-fixes).
- ALSA: asihpi: Fix potential OOB array access at reading cache (stable-fixes).
- ALSA: hda/conexant: Renaming the codec with device ID 0x1f86 and 0x1f87 (stable-fixes).
- ALSA: pcm: Don't setup bogus iov_iter for silencing (git-fixes).
- ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams (git-fixes).
- ALSA: pcm: oss: Fix setup list UAF on proc write error (git-fixes).
- ALSA: sc6000: Keep the programmed board state in card-private data (git-fixes).
- ALSA: sc6000: Use standard print API (stable-fixes).
- ALSA: scarlett2: Fix 2i2 Gen 4 direct monitor gain on firmware 2417 (git-fixes).
- ALSA: seq: avoid past-the-end iterator in snd_seq_create_port() (git-fixes).
- ALSA: seq: dummy: fix UMP event stack overread (git-fixes).
- ALSA: seq: Serialize UMP output teardown with event_input (git-fixes).
- ALSA: timer: avoid past-the-end iterator in snd_timer_dev_register() (git-fixes).
- ALSA: ua101: Reject too-short USB descriptors (git-fixes).
- ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans (git-fixes).
- ALSA: usb-audio: Bound MIDI endpoint descriptor scans (git-fixes).
- arm64: tlb: Allow XZR argument to TLBI ops (git-fixes).
- arm64: tlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI (git-fixes).
- ASoC: codecs: simple-mux: Fix enum control bounds check (git-fixes).
- ASoC: cs35l56: Fix flushing of IRQ work in cs35l56_sdw_remove() (git-fixes).
- ASoC: Intel: bytcht_es8316: Fix MCLK leak on init errors (git-fixes).
- ASoC: qcom: q6asm-dai: close stream only when running (git-fixes).
- ASoC: qcom: q6asm-dai: do not set stream state in event and trigger callbacks (git-fixes).
- ASoC: qcom: q6asm-dai: fix error handling in prepare and set_params (git-fixes).
- ASoC: SOF: Intel: hda-dai: add support for dspless mode beyond HDAudio (stable-fixes).
- ASoC: SOF: Intel: hda-dai: remove dspless special case (stable-fixes).
- ASoC: SOF: Intel: hda: Fix NULL pointer dereference (stable-fixes).
- auxdisplay: line-display: fix OOB read on zero-length message_store() (git-fixes).
- batman-adv: bla: fix report_work leak on backbone_gw purge (git-fixes).
- batman-adv: clear current gateway during teardown (git-fixes).
- batman-adv: dat: handle forward allocation error (git-fixes).
- batman-adv: fix batadv_skb_is_frag() kernel-doc (git-fixes).
- batman-adv: fix fragment reassembly length accounting (git-fixes).
- batman-adv: fix tp_meter counter underflow during shutdown (git-fixes).
- batman-adv: frag: disallow unicast fragment in fragment (git-fixes).
- batman-adv: tp_meter: avoid use of uninit sender vars (git-fixes).
- batman-adv: tt: fix negative last_changeset_len (git-fixes).
- batman-adv: tt: fix negative tt_buff_len (git-fixes).
- bcache: fix uninitialized closure object (git-fixes).
- Bluetooth: 6lowpan: check skb_clone() return value in send_mcast_pkt() (git-fixes).
- Bluetooth: bnep: Fix UAF read of dev->name (git-fixes).
- Bluetooth: bnep: reject short frames before parsing (git-fixes).
- Bluetooth: btmtk: fix urb->setup_packet leak in error paths (git-fixes).
- Bluetooth: btusb: Allow firmware re-download when version matches (git-fixes).
- Bluetooth: fix UAF in l2cap_sock_cleanup_listen() vs l2cap_conn_del() (git-fixes).
- Bluetooth: hci_sync: fix UAF in hci_le_create_cis_sync (git-fixes).
- Bluetooth: hci_sync: reject oversized Broadcast Announcement prepend (git-fixes).
- Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device close (git-fixes).
- Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths (git-fixes).
- Bluetooth: HIDP: fix missing length checks in hidp_input_report() (git-fixes).
- Bluetooth: ISO: drop ISO_END frames received without prior ISO_START (git-fixes).
- Bluetooth: ISO: fix UAF in iso_recv_frame (git-fixes).
- Bluetooth: ISO: serialize iso_sock_clear_timer with socket lock (git-fixes).
- Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration success (git-fixes).
- Bluetooth: L2CAP: ecred_reconfigure: send packed pdu, not stack pointer (git-fixes).
- Bluetooth: L2CAP: fix chan ref leak in l2cap_chan_timeout() on !conn (git-fixes).
- Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp (git-fixes).
- Bluetooth: L2CAP: use chan timer to close channels in cleanup_listen() (git-fixes).
- Bluetooth: MGMT: Fix backward compatibility with userspace (git-fixes).
- Bluetooth: MGMT: validate Add Extended Advertising Data length (git-fixes).
- Bluetooth: MGMT: validate advertising TLV before type checks (git-fixes).
- Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() (git-fixes).
- Bluetooth: RFCOMM: validate skb length in MCC handlers (git-fixes).
- Bluetooth: serialize accept_q access (git-fixes).
- cgroup: Increment nr_dying_subsys_* from rmdir context (git-fixes).
- comedi: comedi_test: fix check for valid scan_begin_src in waveform_ai_cmdtest() (git-fixes).
- comedi: comedi_test: Fix limiting of convert_arg in waveform_ai_cmdtest() (git-fixes).
- device property: set fwnode->secondary to NULL in fwnode_init() (git-fixes).
- dm: fix a buffer overflow in ioctl processing (git-fixes).
- drivers/base/memory: fix memory block reference leak in poison accounting (git-fixes).
- drm/amd/display: Bound VBIOS record-chain walk loops (git-fixes).
- drm/amd/display: Clamp HDMI HDCP2 rx_id_list read to buffer size (git-fixes).
- drm/amd/display: Fix integer overflow in bios_get_image() (stable-fixes).
- drm/amd/display: Fix NULL deref and buffer over-read in SDP debugfs (git-fixes).
- drm/amd/display: Reject gpio_bitshift >= 32 in bios_parser_get_gpio_pin_info() (git-fixes).
- drm/amd/display: Use krealloc_array() in dal_vector_reserve() (git-fixes).
- drm/amd/display: Validate GPIO pin LUT table size before iterating (stable-fixes).
- drm/amd/display: Validate payload length and link_index in dc_process_dmub_aux_transfer_async (stable- fixes).
- drm/amd/pm/si: Disregard vblank time when no displays are connected (git-fixes).
- drm/amdgpu/uvd3.1: Don't validate the firmware when already validated (git-fixes).
- drm/amdgpu/uvd4.2: Don't initialize UVD 4.2 when DPM is disabled (git-fixes).
- drm/amdgpu/vce2: Fix VCE 2 firmware size and offsets (git-fixes).
- drm/amdgpu/vce3: Fix VCE 3 firmware size and offsets (git-fixes).
- drm/amdgpu/vpe: Force collaborate sync after TRAP (stable-fixes).
- drm/amdgpu: add amdgpu_device reference in ip block (stable-fixes).
- drm/amdgpu: fix spelling typos (stable-fixes).
- drm/amdgpu: update the handle ptr in dump_ip_state (stable-fixes).
- drm/amdgpu: update the handle ptr in early_init (stable-fixes).
- drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 (git-fixes).
- drm/amdkfd: fix NULL dereference in get_queue_ids() (git-fixes).
- drm/bridge: chipone-icn6211: use devm_drm_bridge_add in i2c probe (git-fixes).
- drm/bridge: it66121: acquire reset GPIO in probe (git-fixes).
- drm/bridge: megachips: remove bridge when irq request fails (git-fixes).
- drm/hyperv: validate resolution_count and fix WIN8 fallback (git-fixes).
- drm/hyperv: validate VMBus packet size in receive callback (git-fixes).
- drm/i915/dp: Fix readback for target_rr in Adaptive Sync SDP (git-fixes).
- drm/i915: Extract intel_dbuf_mdclk_cdclk_ratio_update() (stable-fixes).
- drm/i915: Fix potential UAF in TTM object purge (git-fixes).
- drm/i915: Loop over all active pipes in intel_mbus_dbox_update (stable-fixes).
- drm/imx: Fix three kernel-doc warnings in dcss-scaler.c (git-fixes).
- drm/msm/dsi: don't dump registers past the mapped region (git-fixes).
- drm/msm/snapshot: fix dumping of the unaligned regions (git-fixes).
- drm/radeon/evergreen_cs: Add missing NULL prefix check in surface check (git-fixes).
- drm/v3d: Fix vaddr leak when indirect CSD has zeroed workgroups (git-fixes).
- drm/virtio: use uninterruptible resv lock for plane updates (git-fixes).
- drm/xe/gsc: Fix double-free of managed BO in error path (git-fixes).
- drm/xe/oa: Fix exec_queue leak on width check in stream open (git-fixes).
- drm/xe/pf: Fix CFI failure in debugfs access (git-fixes).
- drm/xe/vf: Fix signature of print functions (git-fixes).
- drm/xe: Clear pending_disable before signaling suspend fence (git-fixes).
- drm/xe: Define CACHE_MODE_1 as MCR register (git-fixes).
- efi: Allocate runtime workqueue before ACPI init (git-fixes).
- firmware: arm_ffa: Check for NULL FF-A ID table while driver registration (git-fixes).
- firmware: arm_ffa: Skip free_pages on RX buffer alloc failure (git-fixes).
- gve: Add RSS cache for non RSS device option scenario (bsc#1265925).
- gve: add XDP DROP and PASS support for DQ (bsc#1265925).
- gve: Enable reading max ring size from the device in DQO-QPL mode (bsc#1265925).
- gve: introduce config-based allocation for XDP (bsc#1265925).
- gve: merge packet buffer size fields (bsc#1265925).
- gve: process XSK TX descriptors as part of RX NAPI (bsc#1265925).
- gve: remove xdp_xsk_done and xdp_xsk_wakeup statistics (bsc#1265925).
- gve: trigger RX NAPI instead of TX NAPI in gve_xsk_wakeup (bsc#1265925).
- gve: update GQ RX to use buf_size (bsc#1265925).
- gve: Update QPL page registration logic (bsc#1265925).
- gve: update XDP allocation path support RX buffer posting (bsc#1265925).
- HID: quirks: really enable the intended work around for appledisplay (git-fixes).
- HID: uclogic: Fix regression of input name assignment (git-fixes).
- HID: wacom: Fix OOB write in wacom_hid_set_device_mode() (git-fixes).
- hwmon: (pmbus/adm1266) bounce blackbox records through a protocol-sized buffer (git-fixes).
- hwmon: (pmbus/adm1266) cap PDIO scan in get_multiple at ADM1266_PDIO_NR (git-fixes).
- hwmon: (pmbus/adm1266) don't clobber GPIO bits before PDIO read in get_multiple (git-fixes).
- hwmon: (pmbus/adm1266) include adapter number in GPIO line label (git-fixes).
- hwmon: (pmbus/adm1266) include PEC byte in pmbus_block_xfer read buffer (git-fixes).
- hwmon: (pmbus/adm1266) register the gpio_chip after pmbus_do_probe() (git-fixes).
- hwmon: (pmbus/adm1266) register the nvmem device after pmbus_do_probe() (git-fixes).
- hwmon: (pmbus/adm1266) reject implausible blackbox record_count (git-fixes).
- hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors (git-fixes).
- hwmon: (pmbus/adm1266) seed timestamp from the real-time clock (git-fixes).
- hwmon: (pmbus/adm1266) widen blackbox-info buffer to I2C_SMBUS_BLOCK_MAX (git-fixes).
- iio: adc: viperboard: Fix error handling in vprbrd_iio_read_raw (git-fixes).
- iio: adc: xilinx-xadc: Fix sequencer mode in postdisable for dual mux (git-fixes).
- iio: buffer: hw-consumer: fix use-after-free in error path (git-fixes).
- iio: dac: ad5686: acquire lock when doing powerdown control (git-fixes).
- iio: dac: ad5686: fix input raw value check (git-fixes).
- iio: dac: max5821: fix return value check in powerdown sync (git-fixes).
- iio: gyro: itg3200: fix i2c read into the wrong stack location (git-fixes).
- iio: imu: st_lsm6dsx: fix stack leak in tagged FIFO buffer (git-fixes).
- iio: light: cm3323: fix reg_conf not being initialized correctly (git-fixes).
- iio: magnetometer: st_magn: fix default DRDY pin selection for LIS2MDL (git-fixes).
- iio: ssp_sensors: cancel delayed work_refresh on remove (git-fixes).
- iio: temperature: tsys01: fix broken PROM checksum validation (git-fixes).
- Input: atkbd - skip deactivate for HONOR BCC-N's internal keyboard (git-fixes).
- Input: atmel_mxt_ts - fix boundary check in mxt_prepare_cfg_mem (git-fixes).
- Input: ims-pcu - fix usb_free_coherent() size in ims_pcu_buffers_free() (git-fixes).
- Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB buffer size (git-fixes).
- Input: xpad - fix out-of-bounds access for Share button (git-fixes).
- KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT (git-fixes).
- KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC (git-fixes).
- KVM: X86: Fix array_index_nospec protection in __pv_send_ipi (git-fixes).
- KVM: x86: Fix Xen hypercall tracepoint argument assignment (git-fixes).
- mmc: core: Fix host controller programming for fixed driver type (git-fixes).
- mmc: litex_mmc: Set mandatory idle clocks before CMD0 (git-fixes).
- mmc: litex_mmc: Use DIV_ROUND_UP for more accurate clock calculation (git-fixes).
- mmc: renesas_sdhi: Add OF entry for RZ/G2H SoC (git-fixes).
- mmc: sdhci: add signal voltage switch in sdhci_resume_host (git-fixes).
- net: gro: don't merge zcopy skbs (git-fixes).
- net: mana: Add NULL guards in teardown path to prevent panic on attach failure (git-fixes).
- net: mana: Expose hardware diagnostic info via debugfs (bsc#1266414).
- net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer (bsc#1265928).
- net: mana: hardening: Reject zero max_num_queues from GDMA_QUERY_MAX_RESOURCES (git-fixes).
- net: mana: Skip redundant detach on already-detached port (git-fixes).
- net: mana: Use kvmalloc for large RX queue and buffer allocations (bsc#1266765).
- net: mana: Use per-queue allocation for tx_qp to reduce allocation size (bsc#1266765).
- net: mana: validate rx_req_idx to prevent out-of-bounds array access (bsc#1266402).
- net: wwan: iosm: fix potential memory leaks in ipc_imem_init() (git-fixes).
- nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4 (git-fixes).
- parport: Fix race between port and client registration (git-fixes).
- phy: marvell: mvebu-a3700-utmi: fix incorrect USB2_PHY_CTRL register access (git-fixes).
- platform/x86: adv_swbutton: Check ACPI_HANDLE() against NULL (git-fixes).
- platform/x86: hp_accel: Check ACPI_COMPANION() against NULL (git-fixes).
- platform/x86: intel-hid: Check ACPI_HANDLE() against NULL (git-fixes).
- platform/x86: intel-vbtn: Check ACPI_HANDLE() against NULL (git-fixes).
- r8152: fix incorrect register write to USB_UPHY_XTAL (git-fixes).
- RDMA/efa: Check stored completion CTX command ID with received one (git-fixes).
- RDMA/efa: Extend admin timeout error print (git-fixes).
- RDMA/efa: Fix possible deadlock (git-fixes).
- RDMA/efa: Improve admin completion context state machine (git-fixes).
- RDMA/mana_ib: Report max_msg_sz in mana_ib_query_port (git-fixes).
- s390/barrier: Make array_index_mask_nospec() __always_inline (bsc#1261591).
- s390/barrier: Make array_index_mask_nospec() __always_inline (bsc#1263068).
- s390/entry: Scrub r12 register on kernel entry (bsc#1261591).
- s390/entry: Scrub r12 register on kernel entry (bsc#1263068).
- s390/mm: Add missing secure storage access fixups for donated memory (bsc#1264835).
- s390/syscalls: Add spectre boundary for syscall dispatch table (bsc#1261591).
- s390/syscalls: Add spectre boundary for syscall dispatch table (bsc#1263068).
- sched/rt: Skip currently executing CPU in rto_next_cpu() (bsc#1262649).
- scsi: qla2xxx: Add support to report MPI FW state (git-fixes).
- scsi: ses: Handle positive SCSI error from ses_recv_diag() (git-fixes).
- security/keys: fix missed RCU read section on lookup (stable-fixes).
- serial: fsl_lpuart: fix rx buffer and DMA map leaks in start_rx_dma (git-fixes).
- serial: qcom-geni: fix UART_RX_PAR_EN bit position (git-fixes).
- smb: client: correctly handle ErrorContextData as a flexible array (git-fixes).
- soundwire: debugfs: initialize firmware_file to empty string (git-fixes).
- spi: mtk-snfi: Fix resource leak in mtk_snand_read_page_cache() (git-fixes).
- spi: sprd: fix error pointer deref after DMA setup failure (git-fixes).
- spi: st-ssc4: switch to use modern name (stable-fixes).
- spi: ti-qspi: fix use-after-free after DMA setup failure (git-fixes).
- string: add mem_is_zero() helper to check if memory area is all zeros (stable-fixes).
- thermal: core: Free thermal zone ID later during removal (git-fixes).
- thunderbolt: property: Reject dir_len < 4 to prevent size_t underflow (git-fixes).
- thunderbolt: property: Reject u32 wrap in tb_property_entry_valid() (git-fixes).
- tracing: Switch trace_osnoise.c code over to use guard() and __free() (bsc#1262634).
- tty: serial: pch_uart: add check for dma_alloc_coherent() (git-fixes).
- USB: cdc-acm: Fix bit overlap and move quirk definitions to header (git-fixes).
- usb: cdns3: gadget: fix request skipping after clearing halt (git-fixes).
- usb: chipidea: core: convert ci_role_switch to local variable (git-fixes).
- usb: dwc2: Fix use after free in debug code (git-fixes).
- usb: gadget: composite: fix integer underflow in WebUSB GET_URL handling (git-fixes).
- usb: gadget: dummy_hcd: Reject hub port requests for non-existent ports (git-fixes).
- usb: gadget: f_fs: copy only received bytes on short ep0 read (git-fixes).
- usb: gadget: f_hid: fix device reference leak in hidg_alloc() (git-fixes).
- usb: gadget: net2280: Fix double free in probe error path (git-fixes).
- USB: serial: belkin_sa: validate interrupt statu ...

Please note that the description has been truncated due to length. Please refer to vendor advisory for the full description.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 323086

File Name: suse_SU-2026-2482-1.nasl

Version: 1.1

Type: Local

Agent: unix

Family: SuSE Local Security Checks

Published: 6/26/2026

Updated: 6/26/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, tenable_cloud_security, tenable_self_hosted_container_security, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-46004

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-livepatch-6_4_0-150700_53_60-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/22/2026

Vulnerability Publication Date: 8/8/2025

Reference Information

CVE: CVE-2025-38549, CVE-2025-68324, CVE-2026-23303, CVE-2026-23327, CVE-2026-23359, CVE-2026-23438, CVE-2026-23444, CVE-2026-31396, CVE-2026-31446, CVE-2026-31448, CVE-2026-31454, CVE-2026-31455, CVE-2026-31464, CVE-2026-31473, CVE-2026-31480, CVE-2026-31493, CVE-2026-31516, CVE-2026-31518, CVE-2026-31546, CVE-2026-31580, CVE-2026-31590, CVE-2026-31591, CVE-2026-31596, CVE-2026-31613, CVE-2026-31614, CVE-2026-31629, CVE-2026-31655, CVE-2026-31671, CVE-2026-31673, CVE-2026-31678, CVE-2026-31703, CVE-2026-31758, CVE-2026-31767, CVE-2026-31774, CVE-2026-43009, CVE-2026-43013, CVE-2026-43026, CVE-2026-43030, CVE-2026-43040, CVE-2026-43052, CVE-2026-43054, CVE-2026-43059, CVE-2026-43065, CVE-2026-43066, CVE-2026-43068, CVE-2026-43109, CVE-2026-43150, CVE-2026-43206, CVE-2026-43234, CVE-2026-43249, CVE-2026-43252, CVE-2026-43261, CVE-2026-43284, CVE-2026-43296, CVE-2026-43325, CVE-2026-43333, CVE-2026-43338, CVE-2026-43341, CVE-2026-43359, CVE-2026-43360, CVE-2026-43361, CVE-2026-43362, CVE-2026-43406, CVE-2026-43407, CVE-2026-43411, CVE-2026-43413, CVE-2026-43414, CVE-2026-43455, CVE-2026-43470, CVE-2026-43483, CVE-2026-43499, CVE-2026-43501, CVE-2026-45842, CVE-2026-45843, CVE-2026-45846, CVE-2026-45852, CVE-2026-45856, CVE-2026-45878, CVE-2026-45886, CVE-2026-45898, CVE-2026-45910, CVE-2026-45932, CVE-2026-45970, CVE-2026-45983, CVE-2026-45984, CVE-2026-46004, CVE-2026-46021, CVE-2026-46024, CVE-2026-46043, CVE-2026-46079, CVE-2026-46083, CVE-2026-46090, CVE-2026-46094, CVE-2026-46110, CVE-2026-46111, CVE-2026-46113, CVE-2026-46114, CVE-2026-46157, CVE-2026-46159, CVE-2026-46176, CVE-2026-46181, CVE-2026-46209, CVE-2026-46243

SuSE: SUSE-SU-2026:2482-1

Detections

Analytics