Synopsis
The remote SUSE host is missing one or more security updates.
Description
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2800-1 advisory.
The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-40216: io_uring/rsrc: don't rely on user vaddr alignment (bsc#1259764).
- CVE-2025-40341: futex: Don't leak robust_list pointer on exec race (bsc#1255029).
- CVE-2025-71294: drm/amdgpu: fix NULL pointer issue buffer funcs (bsc#1264562).
- CVE-2026-23451: bonding: prevent potential infinite loop in bond_header_parse() (bsc#1261604).
- CVE-2026-31450: ext4: publish jinode after initialization (bsc#1262618).
- CVE-2026-31462: drm/amdgpu: prevent immediate PASID reuse case (bsc#1262655).
- CVE-2026-31466: mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (bsc#1267825).
- CVE-2026-31502: team: fix header_ops type confusion with non-Ethernet ports (bsc#1263072).
- CVE-2026-31647: idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling (bsc#1263581).
- CVE-2026-31670: net: rfkill: prevent unlimited numbers of rfkill events from being created (bsc#1263573).
- CVE-2026-31677: crypto: af_alg - limit RX SG extraction by receive buffer budget (bsc#1263560).
- CVE-2026-31697: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (bsc#1264116).
- CVE-2026-31698: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (bsc#1263880).
- CVE-2026-31699: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (bsc#1263879).
- CVE-2026-31771: Bluetooth: hci_event: move wake reason storage into validated event handlers (bsc#1264145).
- CVE-2026-43010: bpf: Reject sleepable kprobe_multi programs at attach time (bsc#1264015).
- CVE-2026-43022: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists (bsc#1264001).
- CVE-2026-43034: bnxt_en: set backing store type from query type (bsc#1263998).
- CVE-2026-43053: xfs: close crash window in attr dabtree inactivation (bsc#1264084).
- CVE-2026-43074: eventpoll: defer struct eventpoll free to RCU grace period (bsc#1264263).
- CVE-2026-43079: perf/x86/intel/uncore: Skip discovery table for offline dies (bsc#1264228).
- CVE-2026-43080: l2tp: Drop large packets with UDP encap (bsc#1264236).
- CVE-2026-43081: net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+ (bsc#1264241).
- CVE-2026-43085: netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator (bsc#1264230).
- CVE-2026-43086: ipvs: fix NULL deref in ip_vs_add_service error path (bsc#1264286).
- CVE-2026-43089: xfrm_user: fix info leak in build_mapping() (bsc#1264261).
- CVE-2026-43093: xsk: tighten UMEM headroom validation to account for tailroom and min frame (bsc#1264254).
- CVE-2026-43094: ixgbevf: add missing negotiate_features op to Hyper-V ops table (bsc#1264231).
- CVE-2026-43107: xfrm: account XFRMA_IF_ID in aevent size calculation (bsc#1264258).
- CVE-2026-43109: x86: shadow stacks: proper error handling for mmap lock (bsc#1264484).
- CVE-2026-43128: RDMA/umem: Fix double dma_buf_unpin in failure path (bsc#1264612).
- CVE-2026-43139: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() (bsc#1264294).
- CVE-2026-43233: netfilter: nf_conntrack_h323: fix OOB read in decode_choice() (bsc#1264337).
- CVE-2026-43238: net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() (bsc#1264320).
- CVE-2026-43303: mm/page_alloc: clear page->private in free_pages_prepare() (bsc#1264974).
- CVE-2026-43336: lib/crypto: chacha: Zeroize permuted_state before it leaves scope (bsc#1265113).
- CVE-2026-43420: ceph: fix i_nlink underrun during async unlink (bsc#1264814).
- CVE-2026-43456: bonding: fix type confusion in bond_setup_by_slave() (bsc#1264734).
- CVE-2026-43472: unshare: fix unshare_fs() handling (bsc#1264748).
- CVE-2026-43492: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (bsc#1265629).
- CVE-2026-43502: net/rds: handle zerocopy send cleanup before the message is queued (bsc#1266008).
- CVE-2026-45838: bpf: fix end-of-list detection in cgroup_storage_get_next_key() (bsc#1266396).
- CVE-2026-45848: apparmor: fix NULL sock in aa_sock_file_perm (bsc#1266734).
- CVE-2026-45891: net: hns3: fix double free issue for tx spare buffer (bsc#1266717).
- CVE-2026-45912: ext4: don't cache extent during splitting extent (bsc#1266899).
- CVE-2026-45948: ext4: fix memory leak in ext4_ext_shift_extents() (bsc#1266929).
- CVE-2026-45985: ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O (bsc#1266700).
- CVE-2026-46028: crypto: algif_aead - snapshot IV for async AEAD requests (bsc#1267430).
- CVE-2026-46053: net: rds: fix MR cleanup on copy error (bsc#1267427).
- CVE-2026-46063: x86/shstk: Prevent deadlock during shstk sigreturn (bsc#1267228).
- CVE-2026-46065: fbdev: defio: Disconnect deferred I/O from the lifetime of struct (bsc#1267458).
- CVE-2026-46069: wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() (bsc#1267437).
- CVE-2026-46071: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 (bsc#1267591).
- CVE-2026-46076: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 (bsc#1267365).
- CVE-2026-46112: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() (bsc#1267582).
- CVE-2026-46116: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (bsc#1267369).
- CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink() (bsc#1267640).
- CVE-2026-46124: isofs: validate block number from NFS file handle in isofs_export_iget (bsc#1266847).
- CVE-2026-46133: RDMA/rxe: Reject unknown opcodes before ICRC processing (bsc#1266928).
- CVE-2026-46173: exit: prevent preemption of oopsing TASK_DEAD task (bsc#1267722).
- CVE-2026-46185: smb/client: fix out-of-bounds read in symlink_data() (bsc#1266830).
- CVE-2026-46197: drm/amdkfd: validate SVM ioctl nattr against buffer size (bsc#1267381).
- CVE-2026-46214: vsock/virtio: fix accept queue count leak on transport mismatch (bsc#1267717).
- CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267697).
- CVE-2026-46229: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure (bsc#1267567).
- CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old() (bsc#1267635).
- CVE-2026-46254: AppArmor: Allow apparmor to handle unaligned dfa tables (bsc#1267637).
- CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (bsc#1267684).
- CVE-2026-46289: lib/scatterlist: fix length calculations in extract_kvec_to_sg (bsc#1267966).
- CVE-2026-46291: crypto: caam - guard HMAC key hex dumps in hash_digest_key (bsc#1267937).
- CVE-2026-46315: io_uring/waitid: clear waitid info before copying it to userspace (bsc#1267953).
- CVE-2026-46319: net/sched: act_ct: Only release RCU read lock after ct_ft (bsc#1268022).
- CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp() (bsc#1267993).
- CVE-2026-46328: apparmor: fix rlimit for posix cpu timers (bsc#1268037).
- CVE-2026-46330: Revert 'net/smc: Introduce TCP ULP support' (bsc#1268049).
- CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache (bsc#1265421).
- CVE-2026-52908: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible (bsc#1268661).
- CVE-2026-52909: ip6_vti: set netns_immutable on the fallback device (bsc#1268660).
- CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100).
- CVE-2026-52923: ipc: limit next_id allocation to the valid ID range (bsc#1269033).
- CVE-2026-52943: net: skbuff: fix missing zerocopy reference in pskb_carve helpers (bsc#1269022).
- CVE-2026-52954: libceph: handle rbtree insertion error in decode_choose_args() (bsc#1269137).
- CVE-2026-52957: libceph: Fix potential null-ptr-deref in decode_choose_args() (bsc#1269103).
- CVE-2026-52962: ceph: fix a buffer leak in __ceph_setxattr() (bsc#1269135).
- CVE-2026-52969: KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (bsc#1269184).
- CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000 (bsc#1269195).
- CVE-2026-53016: crypto: ccp - copy IV using skcipher ivsize (bsc#1269090).
- CVE-2026-53040: ocfs2: validate bg_bits during freefrag scan (bsc#1269397).
- CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full (bsc#1269398).
- CVE-2026-53052: ASoC: qcom: qdsp6: topology: check widget type before accessing data (bsc#1269314).
- CVE-2026-53053: iommu/amd: Fix clone_alias() to use the original device's devid (bsc#1269310).
- CVE-2026-53071: Bluetooth: l2cap: Add missing chan lock in l2cap_ecred_reconf_rsp (bsc#1269678).
- CVE-2026-53072: Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER (bsc#1269681).
- CVE-2026-53122: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit (bsc#1269418).
- CVE-2026-53133: RDMA/umem: Fix truncation for block sizes >= 4G (bsc#1269821).
- CVE-2026-53138: drm/amd/display: Bound VBIOS record-chain walk loops (bsc#1269281).
- CVE-2026-53182: wifi: nl80211: reject oversized EMA RNR lists (bsc#1269884).
- CVE-2026-53253: Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (bsc#1269574).
- CVE-2026-53266: netfilter: bridge: make ebt_snat ARP rewrite writable (bsc#1269136).
- CVE-2026-53281: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption (bsc#1269519).
- CVE-2026-53287: audit: fix incorrect inheritable capability in CAPSET records (bsc#1269506).
- CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected role (bsc#1270059).
- CVE-2026-53362: ipv6: account for fraggap on the paged allocation path (bsc#1269493).
The following non security issues were fixed:
- ACPI: IPMI: Fix inverted interface check in ipmi_bmc_gone() (git-fixes).
- ACPI: resource: Amend kernel-doc style (git-fixes).
- ALSA: caiaq: fix out-of-bounds read in the Traktor Kontrol S4 input parser (git-fixes).
- ALSA: firewire: isight: bound the sample count to the packet payload (git-fixes).
- ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6 (stable-fixes).
- ALSA: seq: Fix uninitialised heap leak in snd_seq_event_dup() (git-fixes).
- ALSA: timer: Fix UAF at snd_timer_user_params() (stable-fixes).
- ALSA: usb-audio: avoid kobject path lookup in DualSense match (git-fixes).
- ALSA: usb-audio: Kill MIDI 2.0 URBs before freeing endpoints (git-fixes).
- ASoC: fsl_asrc_dma: fix eDMA maxburst misalignment with channel count (git-fixes).
- ASoC: qcom: q6apm: fix NULL pointer dereference in graph_callback (git-fixes).
- ASoC: tlv320aic3x: restrict CLKDIV bypass Q values in dual-rate mode (git-fixes).
- Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig (stable-fixes).
- bnxt_en: Fix NULL pointer dereference (bsc#1268307).
- bus: mhi: ep: Add missing state_lock protection for mhi_state access (git-fixes).
- bus: mhi: ep: Fix potential deadlock in mhi_ep_reset_worker() (git-fixes).
- bus: mhi: ep: Protect mhi_ep_handle_syserr() in the error path (git-fixes).
- char: tlclk: fix use-after-free in tlclk_cleanup() (git-fixes).
- dmaengine: dw-edma: Add spinlock to protect DONE_INT_MASK and ABORT_INT_MASK (git-fixes).
- dmaengine: Fix possible use after free (git-fixes).
- dmaengine: imx-sdma: Refine spba bus searching in probe (git-fixes).
- dmaengine: qcom: gpi: set DMA_PRIVATE capability (git-fixes).
- dmaengine: tegra: Fix burst size calculation (git-fixes).
- Drivers: hv: vmbus: Improve the logic of reserving fb_mmio on Gen2 VMs (git-fixes).
- drm/amd/display: add missing CSC entries for BT.2020 for DCE IPs (stable-fixes).
- drm/amd/display: Clamp VBIOS HDMI retimer register count to array size (stable-fixes).
- drm/amd/pm: fix smu13 power limit default/cap calculation (stable-fixes).
- drm/amd/pm: mark metrics.energy_accumulator is invalid for smu 14.0.2 (stable-fixes).
- drm/amd/pm: smu_v14_0_0: use SoftMin for gfxclk in set_soft_freq_limited_range (stable-fixes).
- drm/amdgpu: Fix amdgpu_bo_move() when old_mem and new_mem are both GTT (git-fixes).
- drm/amdgpu: initialize irq.lock spinlock earlier (git-fixes).
- drm/amdgpu: restart the CS if some parts of the VM are still invalidated (stable-fixes).
- drm/amdgpu: skip already suspended IP blocks in ip_suspend_phase2 (git-fixes).
- drm/amdgpu: validate CP_GFX_SHADOW chunk size in CS pass1 (git-fixes).
- drm/amdkfd: Avoid double-unpin of DOORBELL/MMIO BOs on free (git-fixes).
- drm/amdkfd: Check for pdd drm file first in CRIU restore path (stable-fixes).
- drm/amdkfd: fix list_del corruption in kfd_criu_resume_svm (git-fixes).
- drm/amdkfd: fix NULL pointer bug in svm_range_set_attr (stable-fixes).
- drm/amdkfd: Use exclusive bounds for SVM split alignment checks (git-fixes).
- drm/dp: Add eDP 1.5 bit definition (stable-fixes).
- drm/edid: fix OOB read in drm_parse_tiled_block() (git-fixes).
- drm/i915/gem: Add missing nospec on parallel submit slot (git-fixes).
- drm/i915/psr: Add defininitions for INTEL_WA_REGISTER_CAPS DPCD register (stable-fixes).
- drm/i915: clear CRTC color blob pointers after dropping refs (git-fixes).
- drm/nouveau/acr: fix missing nvkm_done() in error path of nvkm_acr_oneinit() (git-fixes).
- drm/nouveau: fix reversed error cleanup order in ucopy functions (git-fixes).
- ethtool: provide customized dim profile management (bsc#1261256).
- fpga: dfl: add bounds check in dfh_get_param_size() (git-fixes).
- fpga: microchip-spi: fix zero header_size OOB read in mpf_ops_parse_header() (git-fixes).
- fpga: region: fix use-after-free in child_regions_with_firmware() (git-fixes).
- HID: logitech-hidpp: remove excess kernel-doc member in hidpp_scroll_counter (git-fixes).
- HID: quirks: Add ALWAYS_POLL quirk for SIGMACHIP USB mouse (stable-fixes).
- HID: wacom: stop hardware after post-start probe failures (git-fixes).
- HID: wiimote: Fix table layout and whitespace errors (git-fixes).
- hv: utils: handle and propagate errors in kvp_register (git-fixes).
- hv_balloon: Simplify data output in hv_balloon_debug_show() (git-fixes).
- hyperv: Clean up and fix the guest ID comment in hvgdk.h (git-fixes).
- i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl (stable-fixes).
- i2c: mpc: Fix timeout calculations (git-fixes).
- i2c: stm32f7: truncate clock period instead of rounding it (git-fixes).
- i3c: master: Prevent reuse of dynamic address on device add failure (git-fixes).
- iio: accel: mma8452: handle I2C read error(s) in mma8452_read() (git-fixes).
- iio: adc: npcm: Convert to platform remove callback returning void (stable-fixes).
- iio: adc: xilinx-ams: fix out-of-bounds channel lookup in event handling (git-fixes).
- iio: chemical: scd30: Cleanup initializations and fix sign-extension bug (git-fixes).
- iio: chemical: scd30: fix division by zero in write_raw (git-fixes).
- iio: chemical: scd30: Use guard(mutex) to allow early returns (stable-fixes).
- iio: gyro: bmg160: bail out when bandwidth/filter is not in table (git-fixes).
- iio: gyro: bmg160: wait full startup time after mode change at probe (git-fixes).
- iio: light: opt3001: fix missing state reset on timeout (git-fixes).
- iio: light: si1133: prevent race condition on timeout (git-fixes).
- iio: light: si1133: reset counter to prevent race condition (git-fixes).
- iio: light: veml6030: fix channel type when pushing events (git-fixes).
- iio: magnetometer: ak8975: Add missed pm_runtime_put_autosuspend() call (git-fixes).
- iio: magnetometer: ak8975: fix potential kernel stack memory leak (git-fixes).
- iio: tcs3472: power down chip on probe failure (git-fixes).
- iio: temperature: ltc2983: Fix reinit_completion() called after conversion start (git-fixes).
- Input: atkbd - add DMI quirk for Lenovo Yoga Air 14 (83QK) (stable-fixes).
- Input: elan_i2c - validate firmware size before use (stable-fixes).
- Input: synaptics - add LEN2058 to SMBus passlist for ThinkPad E490 (stable-fixes).
- Input: synaptics-rmi4 - bound the F3A keymap to the GPIO count (git-fixes).
- Input: synaptics-rmi4 - bound the F30 keymap to the GPIO/LED count (git-fixes).
- Input: xpad - add 'Nova 2 Lite' from GameSir (stable-fixes).
- Input: xpad - add support for ASUS ROG RAIKIRI II (stable-fixes).
- iommu/s390: allow larger region tables (jsc#PED-15880).
- iommu/s390: Fix memory corruption when using identity domain (jsc#PED-15880).
- iommu/s390: handle IOAT registration based on domain (jsc#PED-15880).
- iommu/s390: implement iommu passthrough via identity domain (jsc#PED-15880).
- iommu/s390: set appropriate IOTA region type (jsc#PED-15880).
- iommu/s390: support cleanup of additional table regions (jsc#PED-15880).
- iommu/s390: support iova_to_phys for additional table regions (jsc#PED-15880).
- iommu/s390: support map/unmap for additional table regions (jsc#PED-15880).
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (git-fixes).
- KVM: s390: Limit adapter indicator access to mapped page (bsc#1268159).
- KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path (git-fixes).
- KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (git-fixes).
- KVM: SVM: Truncate INVLPGA address in compatibility mode (git-fixes).
- KVM: VMX: Grab vmcs12 on CR8 interception update iff vCPU is in guest mode (git-fixes).
- KVM: x86/mmu: Ensure hugepage is in by slot before checking max mapping level (git-fixes).
- KVM: x86/mmu: Recursively zap orphaned nested TDP shadow pages on emulated writes (git-fixes).
- KVM: x86: hyper-v: Bound the bank index when querying sparse banks (git-fixes).
- KVM: x86: ioapic: Use old_dest_mode consistently in ioapic_write_indirect() (git-fixes).
- KVM: x86: Move update_cr8_intercept() to lapic.c (git-fixes).
- KVM: x86: Unconditionally recompute CR8 intercept on PPR update (git-fixes).
- leds: uleds: Fix potential buffer overread (git-fixes).
- linux/dim: move useful macros to .h file (bsc#1261256).
- loadpin: Prevent SECURITY_LOADPIN_ENFORCE=y without module decompression (jsc#PED-16303).
- loadpin: remove MODULE_COMPRESS_NONE as it is no longer supported (jsc#PED-16303).
- mailbox: mtk-adsp: fix UAF during device teardown (git-fixes).
- media: aspeed: fix missing of_reserved_mem_device_release() on probe failure (git-fixes).
- media: cec: seco: unregister adapter on IR probe failure (git-fixes).
- media: cedrus: Fix failure to clean up hardware on probe failure (git-fixes).
- media: cedrus: Fix missing cleanup in error path (git-fixes).
- media: cedrus: skip invalid H.264 reference list entries (git-fixes).
- media: marvell-cam: fix missing pci_disable_device() on remove (git-fixes).
- media: mtk-jpeg: cancel workqueue on release for supported platforms only (git-fixes).
- media: pci: dm1105: Free allocated workqueue (git-fixes).
- media: ti: vpe: unwind v4l2 device registration on probe error (git-fixes).
- media: v4l2-ctrls: validate HEVC active reference counts (git-fixes).
- media: vidtv: fix NULL pointer dereference in vidtv_mux_push_si (git-fixes).
- media: vidtv: fix reference leak on failed device registration (git-fixes).
- media: vimc: fix reference leak on failed device registration (git-fixes).
- media: vpif_capture: fix OF node reference imbalance (git-fixes).
- module: fix init_module_from_file() error handling (jsc#PED-16303).
- module: make waiting for a concurrent module loader interruptible (jsc#PED-16303).
- module: Split modules_install compression and in-kernel decompression (jsc#PED-16303).
- module: split up 'finit_module()' into init_module_from_file() helper (jsc#PED-16303).
- module: warn about excessively long module waits (jsc#PED-16303).
- modules: catch concurrent module loads, treat them as idempotent (jsc#PED-16303).
- mtd: maps: vmu-flash: fix NULL pointer dereference in initialization (git-fixes).
- mtd: rawnand: fix condition in 'nand_select_target()' (git-fixes).
- mtd: rawnand: pl353: fix probe resource allocation (git-fixes).
- mtd: slram: remove failed entries from the device list (git-fixes).
- mtd: spi-nor: Drop duplicate Kconfig dependency (git-fixes).
- mtd: spi-nor: swp: Improve locking user experience (git-fixes).
- net: aquantia: Add missing descriptor cache invalidation on ATL2 (bsc#1268428).
- net: ethtool: add ethtool COALESCE_RX_CQE_FRAMES/NSECS (bsc#1261256).
- net: mana: Add ethtool counters for RX CQEs in coalesced type (bsc#1261256).
- net: mana: Add support for PF device 0x00C1 (bsc#1268237).
- net: mana: Add support for RX CQE Coalescing (bsc#1261256).
- net: mana: Allocate interrupt context for each EQ when creating vPort (git-fixes).
- net: mana: Create separate EQs for each vPort (git-fixes).
- net: mana: Fall back to standard MTU when PF reports adapter_mtu of 0 (git-fixes).
- net: mana: guard TX wq object destroy with INVALID_MANA_HANDLE check (git-fixes).
- net: mana: initialize gdma queue id to INVALID_QUEUE_ID (git-fixes).
- net: mana: Introduce GIC context with refcounting for interrupt management (git-fixes).
- net: mana: Optimize irq affinity for low vcpu configs (git-fixes).
- net: mana: Query device capabilities and configure MSI-X sharing for EQs (git-fixes).
- net: mana: Use GIC functions to allocate global EQs (git-fixes).
- nfc: hci: fix out-of-bounds read in HCP header parsing (git-fixes).
- nfc: llcp: Fix use-after-free in llcp_sock_release() (git-fixes).
- nfc: llcp: Fix use-after-free race in nfc_llcp_recv_cc() (git-fixes).
- page_pool: Move pp_magic check into helper functions (bsc#1261562).
- page_pool: Track DMA-mapped pages and unmap them when destroying the pool (bsc#1261562).
- platform/x86: intel-hid: Protect ACPI notify handler against recursion (git-fixes).
- platform/x86: xo15-ebook: Fix wakeup source and GPE handling (git-fixes).
- power: reset: linkstation-poweroff: fix use-after-free in the linkstation_poweroff_init() (git-fixes).
- power: supply: charger-manager: fix refcount leak in is_full_charged() (git-fixes).
- power: supply: core: fix supplied_from allocations (git-fixes).
- power: supply: cpcap-battery: Fix missing nvmem_device_put() causing reference leak (git-fixes).
- powerpc/boot: Allow text relocations for pseries wrapper with binutils 2.46+ (git-fixes).
- powerpc/fadump: define MIN_RMA in bytes rather than MB (bsc#1236743 git-fixes).
- RDMA/mana_ib: Allocate interrupt contexts on EQs (git-fixes).
- RDMA/mana_ib: Use ib_get_eth_speed for reporting port speed (git-fixes).
- rtc: abx80x: fix the RTC_VL_CLR clearing all status flags (git-fixes).
- rtc: cmos: unregister HPET IRQ handler on probe failure (git-fixes).
- rtc: ds1307: Fix off-by-one issue with wday for rx8130 (git-fixes).
- rtc: ds1307: handle oscillator stop flag for ds1337/ds1339/ds3231 (git-fixes).
- rtc: mpfs: fix counter upload completion condition (git-fixes).
- rtc: msc313: fix NULL deref in shared IRQ handler at probe (git-fixes).
- s390/pci: check for relaxed translation capability (jsc#PED-15880).
- s390/pci: Fix dev.dma_range_map missing sentinel element (jsc#PED-15880).
- s390/pci: store DMA offset in bus_dma_region (jsc#PED-15880).
- scsi: storvsc: Replace symbolic permissions with octal (git-fixes).
- scsi: target: Fix hexadecimal CHAP_I handling (git-fixes).
- selftests/bpf: Add BPF_STRICT_BUILD toggle (bsc#1269617).
- selftests/bpf: Allow test_progs to link with a partial object set (bsc#1269617).
- selftests/bpf: Fix test_kmods KDIR to honor O= and distro kernels (bsc#1269617).
- selftests/bpf: Make skeleton headers order-only prerequisites of .test.d (bsc#1269617).
- selftests/bpf: Provide weak definitions for cross-test functions (bsc#1269617).
- selftests/bpf: Skip tests whose objects were not built (bsc#1269617).
- selftests/bpf: Tolerate benchmark build failures (bsc#1269617).
- selftests/bpf: Tolerate BPF and skeleton generation failures (bsc#1269617).
- selftests/bpf: Tolerate missing files during install (bsc#1269617).
- selftests/bpf: Tolerate test file compilation failures (bsc#1269617).
- serdev: make serdev_bus_type const (stable-fixes).
- spi: dw: fix wrong BAUDR setting after resume (git-fixes).
- spi: rpc-if: Use correct device for hardware reinitialization on resume (git-fixes).
- spi: uniphier: Fix completion initialization order before devm_request_irq() (git-fixes).
- Split off kABI workaround for bsc#1267458 (bsc#1267458).
- staging: most: video: avoid double free on video register failure (git-fixes).
- staging: nvec: fix use-after-free in nvec_rx_completed() (git-fixes).
- thermal: intel: Fix dangling resources on thermal_throttle_online() failure (git-fixes).
- tpm: fix event_size output in tpm1_binary_bios_measurements_show (git-fixes).
- tpm: tpm_tis_spi: Use wait_woken() in wait_for_tmp_stat() (git-fixes).
- usb: core: Fix SuperSpeed root hub wMaxPacketSize (stable-fixes).
- usb: core: Fix up Interrupt IN endpoints with bogus wBytesPerInterval (stable-fixes).
- usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo (git-fixes).
- usb: host: max3421: Fix shift-out-of-bounds in max3421_hub_control() (git-fixes).
- usb: host: max3421: Reject hub port requests for non-existent ports (git-fixes).
- USB: quirks: add NO_LPM for Lenovo ThinkPad USB-C Dock Gen2 hub controllers (stable-fixes).
- USB: serial: option: add MeiG SRM813Q (stable-fixes).
- USB: serial: option: add usb-id for Dell Wireless DW5826e-m (stable-fixes).
- usb: storage: Add quirks for PNY Elite Portable SSD (stable-fixes).
- usb: typec: altmodes/displayport: validate count before reading Status Update VDO (stable-fixes).
- usb: typec: tcpm/tcpci_maxim: validate header NDO against RX_BYTE_CNT (stable-fixes).
- usb: typec: ucsi: ccg: reject firmware images without a ':' record header (stable-fixes).
- usb: typec: ucsi: displayport: NAK DP_CMD_CONFIGURE without a payload VDO (stable-fixes).
- usb: typec: ucsi: validate connector number in ucsi_connector_change() (stable-fixes).
- usb: typec: wcove: don't write past struct pd_message in wcove_read_rx_buffer() (stable-fixes).
- vc_screen: fix null-ptr-deref in vcs_notifier() during concurrent vcs_write (git-fixes).
- watchdog/hpwdt: Refine hpwdt message for UV platform (bsc#1269199).
- x86/platform/uv: Expose the uv_hub_type() interface (jsc#PED-16305).
- x86/tsc: Disable clocksource watchdog checking on recent and future UV platforms (jsc#PED-16305).
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.
Plugin Details
File Name: suse_SU-2026-2800-1.nasl
Agent: unix
Supported Sensors: Nessus Agent, Continuous Assessment, Nessus
Risk Information
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:kernel-default-livepatch, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-64kb, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:reiserfs-kmp-default, p-cpe:/a:novell:suse_linux:kernel-livepatch-6_4_0-150700_53_66-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-zfcpdump, p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:kernel-obs-build
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: Exploits are available
Patch Publication Date: 7/8/2026
Vulnerability Publication Date: 7/7/2025
Reference Information
CVE: CVE-2025-40216, CVE-2025-40341, CVE-2025-71294, CVE-2026-23451, CVE-2026-31450, CVE-2026-31462, CVE-2026-31466, CVE-2026-31502, CVE-2026-31647, CVE-2026-31670, CVE-2026-31677, CVE-2026-31697, CVE-2026-31698, CVE-2026-31699, CVE-2026-31771, CVE-2026-43010, CVE-2026-43022, CVE-2026-43034, CVE-2026-43053, CVE-2026-43074, CVE-2026-43079, CVE-2026-43080, CVE-2026-43081, CVE-2026-43085, CVE-2026-43086, CVE-2026-43089, CVE-2026-43093, CVE-2026-43094, CVE-2026-43107, CVE-2026-43109, CVE-2026-43128, CVE-2026-43139, CVE-2026-43233, CVE-2026-43238, CVE-2026-43284, CVE-2026-43303, CVE-2026-43336, CVE-2026-43420, CVE-2026-43456, CVE-2026-43472, CVE-2026-43492, CVE-2026-43502, CVE-2026-45838, CVE-2026-45848, CVE-2026-45891, CVE-2026-45912, CVE-2026-45948, CVE-2026-45985, CVE-2026-46028, CVE-2026-46053, CVE-2026-46063, CVE-2026-46065, CVE-2026-46069, CVE-2026-46071, CVE-2026-46076, CVE-2026-46112, CVE-2026-46116, CVE-2026-46120, CVE-2026-46124, CVE-2026-46133, CVE-2026-46173, CVE-2026-46185, CVE-2026-46197, CVE-2026-46214, CVE-2026-46227, CVE-2026-46229, CVE-2026-46253, CVE-2026-46254, CVE-2026-46266, CVE-2026-46274, CVE-2026-46289, CVE-2026-46291, CVE-2026-46315, CVE-2026-46319, CVE-2026-46320, CVE-2026-46328, CVE-2026-46330, CVE-2026-46331, CVE-2026-52908, CVE-2026-52909, CVE-2026-52918, CVE-2026-52923, CVE-2026-52943, CVE-2026-52954, CVE-2026-52957, CVE-2026-52962, CVE-2026-52969, CVE-2026-52972, CVE-2026-53016, CVE-2026-53040, CVE-2026-53041, CVE-2026-53052, CVE-2026-53053, CVE-2026-53071, CVE-2026-53072, CVE-2026-53122, CVE-2026-53133, CVE-2026-53138, CVE-2026-53182, CVE-2026-53253, CVE-2026-53266, CVE-2026-53281, CVE-2026-53287, CVE-2026-53359, CVE-2026-53362
SuSE: SUSE-SU-2026:2800-1