SUSE SLED15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:2722-1)

high Nessus Plugin ID 324872

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2722-1 advisory.

The SUSE Linux Enterprise 15 SP7 kernel was updated to receive various security bugfixes.


The following security bugs were fixed:

- CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs (bsc#1266290).
- CVE-2025-68822: Input: alps - fix use-after-free bugs caused by dev3_register_work (bsc#1256668).
- CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1260531).
- CVE-2026-31414: netfilter: nf_conntrack_expect: use expect->helper (bsc#1262085).
- CVE-2026-31429: net: skb: fix cross-cache free of KFENCE-allocated skb head (bsc#1262392).
- CVE-2026-31452: ext4: convert inline data to extents when truncate exceeds inline size (bsc#1262620).
- CVE-2026-31469: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false
- CVE-2026-31492: RDMA/irdma: Initialize free_qp completion before using it (bsc#1262748).
- CVE-2026-31495: netfilter: ctnetlink: use netlink policy range checks (bsc#1262798).
- CVE-2026-31499: Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() (bsc#1262674).
- CVE-2026-31500: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (bsc#1262993).
- CVE-2026-31555: futex: Clear stale exiting pointer in futex_lock_pi() retry path (bsc#1263178).
- CVE-2026-31560: spi: spi-dw-dma: fix print error log when wait finish transaction (bsc#1263057).
- CVE-2026-31592: KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock (bsc#1263123).
- CVE-2026-31593: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU (bsc#1263124).
- CVE-2026-31664: string.h: Introduce memset_after() for wiping trailing members/padding (bsc#1263578).
- CVE-2026-31665: kABI: netfilter: nft_ct: fix use-after-free in timeout object destroy (bsc#1263137).
- CVE-2026-31674: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (bsc#1263568).
- CVE-2026-31680: net: ipv6: flowlabel: defer exclusive option free until RCU teardown (bsc#1263563).
- CVE-2026-31693: cifs: some missing initializations on replay (bsc#1267744).
- CVE-2026-31752: bridge: br_nd_send: validate ND option lengths (bsc#1264045).
- CVE-2026-31759: usb: ulpi: fix double free in ulpi_register_interface() error path (bsc#1264076).
- CVE-2026-43023: Bluetooth: SCO: fix race conditions in sco_sock_connect() (bsc#1264137).
- CVE-2026-43024: netfilter: nf_tables: reject immediate NF_QUEUE verdict (bsc#1263930).
- CVE-2026-43028: netfilter: x_tables: ensure names are nul-terminated (bsc#1263934).
- CVE-2026-43035: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (bsc#1263996).
- CVE-2026-43036: net: use skb_header_pointer() for TCPv4 GSO frag_off check (bsc#1263993).
- CVE-2026-43049: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure (bsc#1264080).
- CVE-2026-43077: crypto: algif_aead - Fix minimum RX size check for decryption (bsc#1264470).
- CVE-2026-43083: net: ioam6: fix OOB and missing lock (bsc#1264266).
- CVE-2026-43101: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() (bsc#1264239).
- CVE-2026-43112: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (bsc#1264437).
- CVE-2026-43119: Bluetooth: hci_sync: annotate data-races around hdev->req_status (bsc#1264561).
- CVE-2026-43158: xfs: fix freemap adjustments when adding xattrs to leaf blocks (bsc#1264595).
- CVE-2026-43171: EFI/CPER: do not dump the entire memory region (bsc#1264549).
- CVE-2026-43187: xfs: delete attr leaf freemap entries when empty (bsc#1264603).
- CVE-2026-43198: tcp: fix potential race in tcp_v6_syn_recv_sock() (bsc#1264610).
- CVE-2026-43239: smb: client: prevent races in ->query_interfaces() (bsc#1264444).
- CVE-2026-43339: ipv6: prevent possible UaF in addrconf_permanent_addr() (bsc#1264763).
- CVE-2026-43345: net: ipa: fix event ring index not programmed for IPA v5.0+ (bsc#1265103).
- CVE-2026-43405: libceph: Use u32 for non-negative values in ceph_monmap_decode() (bsc#1264741).
- CVE-2026-43469: xprtrdma: Decrement re_receiving on the early exit paths (bsc#1265143).
- CVE-2026-43491: net: qrtr: ns: Limit the maximum server registration per node (bsc#1265628).
- CVE-2026-45840: openvswitch: cap upcall PID array size and pre-size vport replies (bsc#1266397).
- CVE-2026-45841: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO (bsc#1266390).
- CVE-2026-45862: iommu/vt-d: Flush cache for PASID table before using it (bsc#1266705).
- CVE-2026-45870: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths (bsc#1266704).
- CVE-2026-45894: iommu/vt-d: Clear Present bit before tearing down PASID entry (bsc#1266895).
- CVE-2026-45940: net: stmmac: fix oops when split header is enabled (bsc#1266916).
- CVE-2026-45961: gfs2: fix memory leaks in gfs2_fill_super error path (bsc#1266933).
- CVE-2026-45964: SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path (bsc#1266698).
- CVE-2026-45965: apparmor: fix invalid deref of rawdata when export_binary is unset (bsc#1267208).
- CVE-2026-45974: btrfs: fix invalid leaf access in btrfs_quota_enable() if ref key not found (bsc#1266922).
- CVE-2026-46005: xfs: fix a resource leak in xfs_alloc_buftarg() (bsc#1267431).
- CVE-2026-46037: ipv4: icmp: validate reply type before using icmp_pointers (bsc#1267361).
- CVE-2026-46101: netfilter: reject zero shift in nft_bitwise (bsc#1266878).
- CVE-2026-46119: libceph: Fix slab-out-of-bounds access in auth message processing (bsc#1267628).
- CVE-2026-46123: Bluetooth: virtio_bt: clamp rx length before skb_put (bsc#1267621).
- CVE-2026-46150: fanotify: fix false positive on permission events (bsc#1267387).
- CVE-2026-46160: btrfs: fix missing last_unlink_trans update when removing a directory (bsc#1267624).
- CVE-2026-46162: ice: fix double free in ice_sf_eth_activate() error path (bsc#1266840).
- CVE-2026-46172: ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() (bsc#1266903).
- CVE-2026-46244: netfilter: nft_inner: Fix IPv6 inner_thoff desync (bsc#1267654).
- CVE-2026-46259: procfs: fix missing RCU protection when reading real_parent in do_task_stat() (bsc#1267685).
- CVE-2026-46273: ibmveth: Disable GSO for packets with small MSS (bsc#1267651).


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1256668

https://bugzilla.suse.com/1260531

https://bugzilla.suse.com/1262085

https://bugzilla.suse.com/1262392

https://bugzilla.suse.com/1262617

https://bugzilla.suse.com/1262620

https://bugzilla.suse.com/1262674

https://bugzilla.suse.com/1262748

https://bugzilla.suse.com/1262798

https://bugzilla.suse.com/1262993

https://bugzilla.suse.com/1263057

https://bugzilla.suse.com/1263123

https://bugzilla.suse.com/1263124

https://bugzilla.suse.com/1263137

https://bugzilla.suse.com/1263178

https://bugzilla.suse.com/1263563

https://bugzilla.suse.com/1263568

https://bugzilla.suse.com/1263578

https://bugzilla.suse.com/1263930

https://bugzilla.suse.com/1263934

https://bugzilla.suse.com/1263993

https://bugzilla.suse.com/1263996

https://bugzilla.suse.com/1264045

https://bugzilla.suse.com/1264076

https://bugzilla.suse.com/1264080

https://bugzilla.suse.com/1264137

https://bugzilla.suse.com/1264239

https://bugzilla.suse.com/1264266

https://bugzilla.suse.com/1264437

https://bugzilla.suse.com/1264444

https://bugzilla.suse.com/1264470

https://bugzilla.suse.com/1264549

https://bugzilla.suse.com/1264561

https://bugzilla.suse.com/1264595

https://bugzilla.suse.com/1264603

https://bugzilla.suse.com/1264610

https://bugzilla.suse.com/1264741

https://bugzilla.suse.com/1264763

https://bugzilla.suse.com/1265103

https://bugzilla.suse.com/1265143

https://bugzilla.suse.com/1265628

https://bugzilla.suse.com/1266290

https://bugzilla.suse.com/1266390

https://bugzilla.suse.com/1266397

https://bugzilla.suse.com/1266698

https://bugzilla.suse.com/1266704

https://bugzilla.suse.com/1266705

https://bugzilla.suse.com/1266840

https://bugzilla.suse.com/1266878

https://bugzilla.suse.com/1266895

https://bugzilla.suse.com/1266903

https://bugzilla.suse.com/1266916

https://bugzilla.suse.com/1266922

https://bugzilla.suse.com/1266933

https://bugzilla.suse.com/1267208

https://bugzilla.suse.com/1267251

https://bugzilla.suse.com/1267361

https://bugzilla.suse.com/1267387

https://bugzilla.suse.com/1267431

https://bugzilla.suse.com/1267621

https://bugzilla.suse.com/1267624

https://bugzilla.suse.com/1267628

https://bugzilla.suse.com/1267651

https://bugzilla.suse.com/1267654

https://bugzilla.suse.com/1267685

https://bugzilla.suse.com/1267744

https://lists.suse.com/pipermail/sle-updates/2026-July/047848.html

https://www.suse.com/security/cve/CVE-2025-10263

https://www.suse.com/security/cve/CVE-2025-68822

https://www.suse.com/security/cve/CVE-2026-23392

https://www.suse.com/security/cve/CVE-2026-31414

https://www.suse.com/security/cve/CVE-2026-31429

https://www.suse.com/security/cve/CVE-2026-31452

https://www.suse.com/security/cve/CVE-2026-31453

https://www.suse.com/security/cve/CVE-2026-31469

https://www.suse.com/security/cve/CVE-2026-31492

https://www.suse.com/security/cve/CVE-2026-31495

https://www.suse.com/security/cve/CVE-2026-31499

https://www.suse.com/security/cve/CVE-2026-31500

https://www.suse.com/security/cve/CVE-2026-31555

https://www.suse.com/security/cve/CVE-2026-31560

https://www.suse.com/security/cve/CVE-2026-31592

https://www.suse.com/security/cve/CVE-2026-31593

https://www.suse.com/security/cve/CVE-2026-31664

https://www.suse.com/security/cve/CVE-2026-31665

https://www.suse.com/security/cve/CVE-2026-31674

https://www.suse.com/security/cve/CVE-2026-31680

https://www.suse.com/security/cve/CVE-2026-31693

https://www.suse.com/security/cve/CVE-2026-31752

https://www.suse.com/security/cve/CVE-2026-31759

https://www.suse.com/security/cve/CVE-2026-43023

https://www.suse.com/security/cve/CVE-2026-43024

https://www.suse.com/security/cve/CVE-2026-43028

https://www.suse.com/security/cve/CVE-2026-43035

https://www.suse.com/security/cve/CVE-2026-43036

https://www.suse.com/security/cve/CVE-2026-43049

https://www.suse.com/security/cve/CVE-2026-43077

https://www.suse.com/security/cve/CVE-2026-43083

https://www.suse.com/security/cve/CVE-2026-43101

https://www.suse.com/security/cve/CVE-2026-43112

https://www.suse.com/security/cve/CVE-2026-43119

https://www.suse.com/security/cve/CVE-2026-43158

https://www.suse.com/security/cve/CVE-2026-43171

https://www.suse.com/security/cve/CVE-2026-43187

https://www.suse.com/security/cve/CVE-2026-43198

https://www.suse.com/security/cve/CVE-2026-43239

https://www.suse.com/security/cve/CVE-2026-43339

https://www.suse.com/security/cve/CVE-2026-43345

https://www.suse.com/security/cve/CVE-2026-43405

https://www.suse.com/security/cve/CVE-2026-43469

https://www.suse.com/security/cve/CVE-2026-43491

https://www.suse.com/security/cve/CVE-2026-45840

https://www.suse.com/security/cve/CVE-2026-45841

https://www.suse.com/security/cve/CVE-2026-45862

https://www.suse.com/security/cve/CVE-2026-45870

https://www.suse.com/security/cve/CVE-2026-45894

https://www.suse.com/security/cve/CVE-2026-45940

https://www.suse.com/security/cve/CVE-2026-45961

https://www.suse.com/security/cve/CVE-2026-45964

https://www.suse.com/security/cve/CVE-2026-45965

https://www.suse.com/security/cve/CVE-2026-45974

https://www.suse.com/security/cve/CVE-2026-46005

https://www.suse.com/security/cve/CVE-2026-46037

https://www.suse.com/security/cve/CVE-2026-46101

https://www.suse.com/security/cve/CVE-2026-46119

https://www.suse.com/security/cve/CVE-2026-46123

https://www.suse.com/security/cve/CVE-2026-46150

https://www.suse.com/security/cve/CVE-2026-46160

https://www.suse.com/security/cve/CVE-2026-46162

https://www.suse.com/security/cve/CVE-2026-46172

https://www.suse.com/security/cve/CVE-2026-46244

https://www.suse.com/security/cve/CVE-2026-46259

https://www.suse.com/security/cve/CVE-2026-46273

Plugin Details

Severity: High

ID: 324872

File Name: suse_SU-2026-2722-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 7/2/2026

Updated: 7/2/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.6

Percentile: 98.47

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-46162

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-obs-build, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-64kb, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-livepatch-6_4_0-150700_53_63-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:kernel-zfcpdump

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/1/2026

Vulnerability Publication Date: 1/13/2026

Reference Information

CVE: CVE-2025-10263, CVE-2025-68822, CVE-2026-23392, CVE-2026-31414, CVE-2026-31429, CVE-2026-31452, CVE-2026-31453, CVE-2026-31469, CVE-2026-31492, CVE-2026-31495, CVE-2026-31499, CVE-2026-31500, CVE-2026-31555, CVE-2026-31560, CVE-2026-31592, CVE-2026-31593, CVE-2026-31664, CVE-2026-31665, CVE-2026-31674, CVE-2026-31680, CVE-2026-31693, CVE-2026-31752, CVE-2026-31759, CVE-2026-43023, CVE-2026-43024, CVE-2026-43028, CVE-2026-43035, CVE-2026-43036, CVE-2026-43049, CVE-2026-43077, CVE-2026-43083, CVE-2026-43101, CVE-2026-43112, CVE-2026-43119, CVE-2026-43158, CVE-2026-43171, CVE-2026-43187, CVE-2026-43198, CVE-2026-43239, CVE-2026-43339, CVE-2026-43345, CVE-2026-43405, CVE-2026-43469, CVE-2026-43491, CVE-2026-45840, CVE-2026-45841, CVE-2026-45862, CVE-2026-45870, CVE-2026-45894, CVE-2026-45940, CVE-2026-45961, CVE-2026-45964, CVE-2026-45965, CVE-2026-45974, CVE-2026-46005, CVE-2026-46037, CVE-2026-46101, CVE-2026-46119, CVE-2026-46123, CVE-2026-46150, CVE-2026-46160, CVE-2026-46162, CVE-2026-46172, CVE-2026-46244, CVE-2026-46259, CVE-2026-46273

SuSE: SUSE-SU-2026:2722-1