SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:2914-1)

high Nessus Plugin ID 326705

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2914-1 advisory.

The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2023-53995: net: ipv4: fix one memleak in __inet_del_ifa() (bsc#1255616).
- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
- CVE-2026-23451: bonding: prevent potential infinite loop in bond_header_parse() (bsc#1261604).
- CVE-2026-31462: drm/amdgpu: prevent immediate PASID reuse case (bsc#1262655).
- CVE-2026-31499: Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() (bsc#1262674).
- CVE-2026-31502: team: fix header_ops type confusion with non-Ethernet ports (bsc#1263072).
- CVE-2026-31592: KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock (bsc#1263123).
- CVE-2026-31670: net: rfkill: prevent unlimited numbers of rfkill events from being created (bsc#1263573).
- CVE-2026-31677: crypto: af_alg - limit RX SG extraction by receive buffer budget (bsc#1263560).
- CVE-2026-31680: net: ipv6: flowlabel: defer exclusive option free until RCU teardown (bsc#1263563).
- CVE-2026-31773: Bluetooth: SMP: derive legacy responder STK authentication from MITM state (bsc#1264039).
- CVE-2026-31781: drm/ioc32: stop speculation on the drm_compat_ioctl path (bsc#1264033).
- CVE-2026-43035: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (bsc#1263996).
- CVE-2026-43036: net: use skb_header_pointer() for TCPv4 GSO frag_off check (bsc#1263993).
- CVE-2026-43043: crypto: af-alg - fix NULL pointer dereference in scatterwalk (bsc#1264088).
- CVE-2026-43047: HID: multitouch: Check to ensure report responses match the request (bsc#1264073).
- CVE-2026-43051: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (bsc#1264065).
- CVE-2026-43080: l2tp: Drop large packets with UDP encap (bsc#1264236).
- CVE-2026-43089: xfrm_user: fix info leak in build_mapping() (bsc#1264261).
- CVE-2026-43093: xsk: tighten UMEM headroom validation to account for tailroom and min frame (bsc#1264254).
- CVE-2026-43112: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (bsc#1264437).
- CVE-2026-43117: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1264414).
- CVE-2026-43139: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() (bsc#1264294).
- CVE-2026-43233: netfilter: nf_conntrack_h323: fix OOB read in decode_choice() (bsc#1264337).
- CVE-2026-43279: ALSA: usb-audio: Add sanity check for OOB writes at silencing (bsc#1264618).
- CVE-2026-43336: lib/crypto: chacha: Zeroize permuted_state before it leaves scope (bsc#1265113).
- CVE-2026-43456: bonding: fix type confusion in bond_setup_by_slave() (bsc#1264734).
- CVE-2026-43472: unshare: fix unshare_fs() handling (bsc#1264748).
- CVE-2026-43492: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() (bsc#1265629).
- CVE-2026-45840: openvswitch: cap upcall PID array size and pre-size vport replies (bsc#1266397).
- CVE-2026-45912: ext4: don't cache extent during splitting extent (bsc#1266899).
- CVE-2026-45948: ext4: fix memory leak in ext4_ext_shift_extents() (bsc#1266929).
- CVE-2026-45960: hfsplus: return error when node already exists in hfs_bnode_create (bsc#1266971).
- CVE-2026-46028: crypto: algif_aead - snapshot IV for async AEAD requests (bsc#1267430).
- CVE-2026-46065: fbdev: defio: Disconnect deferred I/O from the lifetime of struct (bsc#1267458).
- CVE-2026-46069: wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() (bsc#1267437).
- CVE-2026-46082: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (bsc#1267473).
- CVE-2026-46124: isofs: validate block number from NFS file handle in isofs_export_iget (bsc#1266847).
- CVE-2026-46133: RDMA/rxe: Reject unknown opcodes before ICRC processing (bsc#1266928).
- CVE-2026-46253: pstore/ram: fix buffer overflow in persistent_ram_save_old() (bsc#1267635).
- CVE-2026-46254: AppArmor: Allow apparmor to handle unaligned dfa tables (bsc#1267637).
- CVE-2026-46266: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP (bsc#1267684).
- CVE-2026-46275: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths (bsc#1267968).
- CVE-2026-46299: hfsplus: fix held lock freed on hfsplus_fill_super() (bsc#1267920).
- CVE-2026-46320: tap: free page on error paths in tap_get_user_xdp() (bsc#1267993).
- CVE-2026-46328: apparmor: fix rlimit for posix cpu timers (bsc#1268037).
- CVE-2026-46331: net/sched: fix pedit partial COW leading to page cache (bsc#1265421).
- CVE-2026-52918: Bluetooth: serialize accept_q access (bsc#1269100).
- CVE-2026-52923: ipc: limit next_id allocation to the valid ID range (bsc#1269033).
- CVE-2026-52954: libceph: handle rbtree insertion error in decode_choose_args() (bsc#1269137).
- CVE-2026-52955: libceph: Fix potential out-of-bounds access in crush_decode() (bsc#1269159).
- CVE-2026-52957: libceph: Fix potential null-ptr-deref in decode_choose_args() (bsc#1269103).
- CVE-2026-52962: ceph: fix a buffer leak in __ceph_setxattr() (bsc#1269135).
- CVE-2026-52972: crypto: af_alg - Cap AEAD AD length to 0x80000000 (bsc#1269195).
- CVE-2026-53040: ocfs2: validate bg_bits during freefrag scan (bsc#1269397).
- CVE-2026-53041: ocfs2: fix listxattr handling when the buffer is full (bsc#1269398).
- CVE-2026-53075: ppp: require CAP_NET_ADMIN in target netns for unattached ioctls (bsc#1269690).
- CVE-2026-53148: thunderbolt: Clamp XDomain response data copy to allocation size (bsc#1269786).
- CVE-2026-53150: thunderbolt: Reject zero-length property entries in validator (bsc#1269386).
- CVE-2026-53194: USB: serial: kl5kusb105: fix bulk-out buffer overflow (bsc#1269904).
- CVE-2026-53253: Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame() extension handling (bsc#1269574).
- CVE-2026-53287: audit: fix incorrect inheritable capability in CAPSET records (bsc#1269506).
- CVE-2026-53359: KVM: x86: Fix shadow paging use-after-free due to unexpected role (bsc#1270059).

The following non security issues were fixed:

- btrfs: tracepoints: fix sleep while in atomic context in btrfs_sync_file() (git-fixes).
- libceph: add non-asserting rbtree insertion helper (bsc#1269137).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1255616

https://bugzilla.suse.com/1259891

https://bugzilla.suse.com/1261604

https://bugzilla.suse.com/1262655

https://bugzilla.suse.com/1262674

https://bugzilla.suse.com/1263072

https://bugzilla.suse.com/1263123

https://bugzilla.suse.com/1263169

https://bugzilla.suse.com/1263560

https://bugzilla.suse.com/1263563

https://bugzilla.suse.com/1263573

https://bugzilla.suse.com/1263993

https://bugzilla.suse.com/1263996

https://bugzilla.suse.com/1264033

https://bugzilla.suse.com/1264039

https://bugzilla.suse.com/1264065

https://bugzilla.suse.com/1264073

https://bugzilla.suse.com/1264088

https://bugzilla.suse.com/1264236

https://bugzilla.suse.com/1264254

https://bugzilla.suse.com/1264261

https://bugzilla.suse.com/1264294

https://bugzilla.suse.com/1264337

https://bugzilla.suse.com/1264414

https://bugzilla.suse.com/1264437

https://bugzilla.suse.com/1264449

https://bugzilla.suse.com/1264618

https://bugzilla.suse.com/1264734

https://bugzilla.suse.com/1264748

https://bugzilla.suse.com/1265113

https://bugzilla.suse.com/1265421

https://bugzilla.suse.com/1265629

https://bugzilla.suse.com/1266397

https://bugzilla.suse.com/1266847

https://bugzilla.suse.com/1266899

https://bugzilla.suse.com/1266928

https://bugzilla.suse.com/1266929

https://bugzilla.suse.com/1266971

https://bugzilla.suse.com/1267430

https://bugzilla.suse.com/1267437

https://bugzilla.suse.com/1267458

https://bugzilla.suse.com/1267473

https://bugzilla.suse.com/1267635

https://bugzilla.suse.com/1267637

https://bugzilla.suse.com/1267684

https://bugzilla.suse.com/1267920

https://bugzilla.suse.com/1267968

https://bugzilla.suse.com/1267993

https://bugzilla.suse.com/1268037

https://bugzilla.suse.com/1269033

https://bugzilla.suse.com/1269100

https://bugzilla.suse.com/1269103

https://bugzilla.suse.com/1269135

https://bugzilla.suse.com/1269137

https://bugzilla.suse.com/1269159

https://bugzilla.suse.com/1269195

https://bugzilla.suse.com/1269386

https://bugzilla.suse.com/1269397

https://bugzilla.suse.com/1269398

https://bugzilla.suse.com/1269506

https://bugzilla.suse.com/1269574

https://bugzilla.suse.com/1269690

https://bugzilla.suse.com/1269786

https://bugzilla.suse.com/1269904

https://bugzilla.suse.com/1270059

https://lists.suse.com/pipermail/sle-updates/2026-July/048161.html

https://www.suse.com/security/cve/CVE-2023-53995

https://www.suse.com/security/cve/CVE-2026-23255

https://www.suse.com/security/cve/CVE-2026-23451

https://www.suse.com/security/cve/CVE-2026-31462

https://www.suse.com/security/cve/CVE-2026-31499

https://www.suse.com/security/cve/CVE-2026-31502

https://www.suse.com/security/cve/CVE-2026-31580

https://www.suse.com/security/cve/CVE-2026-31592

https://www.suse.com/security/cve/CVE-2026-31670

https://www.suse.com/security/cve/CVE-2026-31677

https://www.suse.com/security/cve/CVE-2026-31680

https://www.suse.com/security/cve/CVE-2026-31773

https://www.suse.com/security/cve/CVE-2026-31781

https://www.suse.com/security/cve/CVE-2026-43035

https://www.suse.com/security/cve/CVE-2026-43036

https://www.suse.com/security/cve/CVE-2026-43043

https://www.suse.com/security/cve/CVE-2026-43047

https://www.suse.com/security/cve/CVE-2026-43051

https://www.suse.com/security/cve/CVE-2026-43080

https://www.suse.com/security/cve/CVE-2026-43089

https://www.suse.com/security/cve/CVE-2026-43093

https://www.suse.com/security/cve/CVE-2026-43112

https://www.suse.com/security/cve/CVE-2026-43117

https://www.suse.com/security/cve/CVE-2026-43139

https://www.suse.com/security/cve/CVE-2026-43233

https://www.suse.com/security/cve/CVE-2026-43279

https://www.suse.com/security/cve/CVE-2026-43284

https://www.suse.com/security/cve/CVE-2026-43336

https://www.suse.com/security/cve/CVE-2026-43456

https://www.suse.com/security/cve/CVE-2026-43472

https://www.suse.com/security/cve/CVE-2026-43492

https://www.suse.com/security/cve/CVE-2026-45840

https://www.suse.com/security/cve/CVE-2026-45912

https://www.suse.com/security/cve/CVE-2026-45948

https://www.suse.com/security/cve/CVE-2026-45960

https://www.suse.com/security/cve/CVE-2026-46028

https://www.suse.com/security/cve/CVE-2026-46065

https://www.suse.com/security/cve/CVE-2026-46069

https://www.suse.com/security/cve/CVE-2026-46082

https://www.suse.com/security/cve/CVE-2026-46124

https://www.suse.com/security/cve/CVE-2026-46133

https://www.suse.com/security/cve/CVE-2026-46253

https://www.suse.com/security/cve/CVE-2026-46254

https://www.suse.com/security/cve/CVE-2026-46266

https://www.suse.com/security/cve/CVE-2026-46275

https://www.suse.com/security/cve/CVE-2026-46299

https://www.suse.com/security/cve/CVE-2026-46320

https://www.suse.com/security/cve/CVE-2026-46328

https://www.suse.com/security/cve/CVE-2026-46331

https://www.suse.com/security/cve/CVE-2026-52918

https://www.suse.com/security/cve/CVE-2026-52923

https://www.suse.com/security/cve/CVE-2026-52954

https://www.suse.com/security/cve/CVE-2026-52955

https://www.suse.com/security/cve/CVE-2026-52957

https://www.suse.com/security/cve/CVE-2026-52962

https://www.suse.com/security/cve/CVE-2026-52972

https://www.suse.com/security/cve/CVE-2026-53040

https://www.suse.com/security/cve/CVE-2026-53041

https://www.suse.com/security/cve/CVE-2026-53075

https://www.suse.com/security/cve/CVE-2026-53148

https://www.suse.com/security/cve/CVE-2026-53150

https://www.suse.com/security/cve/CVE-2026-53194

https://www.suse.com/security/cve/CVE-2026-53253

https://www.suse.com/security/cve/CVE-2026-53287

https://www.suse.com/security/cve/CVE-2026-53359

Plugin Details

Severity: High

ID: 326705

File Name: suse_SU-2026-2914-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 7/14/2026

Updated: 7/14/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

Percentile: 99.86

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2026-53148

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:cluster-md-kmp-default, p-cpe:/a:novell:suse_linux:gfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_320-default, p-cpe:/a:novell:suse_linux:ocfs2-kmp-default, p-cpe:/a:novell:suse_linux:kernel-default-kgraft, p-cpe:/a:novell:suse_linux:dlm-kmp-default, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-default-man

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/13/2026

Vulnerability Publication Date: 7/21/2021

Reference Information

CVE: CVE-2023-53995, CVE-2026-23255, CVE-2026-23451, CVE-2026-31462, CVE-2026-31499, CVE-2026-31502, CVE-2026-31580, CVE-2026-31592, CVE-2026-31670, CVE-2026-31677, CVE-2026-31680, CVE-2026-31773, CVE-2026-31781, CVE-2026-43035, CVE-2026-43036, CVE-2026-43043, CVE-2026-43047, CVE-2026-43051, CVE-2026-43080, CVE-2026-43089, CVE-2026-43093, CVE-2026-43112, CVE-2026-43117, CVE-2026-43139, CVE-2026-43233, CVE-2026-43279, CVE-2026-43284, CVE-2026-43336, CVE-2026-43456, CVE-2026-43472, CVE-2026-43492, CVE-2026-45840, CVE-2026-45912, CVE-2026-45948, CVE-2026-45960, CVE-2026-46028, CVE-2026-46065, CVE-2026-46069, CVE-2026-46082, CVE-2026-46124, CVE-2026-46133, CVE-2026-46253, CVE-2026-46254, CVE-2026-46266, CVE-2026-46275, CVE-2026-46299, CVE-2026-46320, CVE-2026-46328, CVE-2026-46331, CVE-2026-52918, CVE-2026-52923, CVE-2026-52954, CVE-2026-52955, CVE-2026-52957, CVE-2026-52962, CVE-2026-52972, CVE-2026-53040, CVE-2026-53041, CVE-2026-53075, CVE-2026-53148, CVE-2026-53150, CVE-2026-53194, CVE-2026-53253, CVE-2026-53287, CVE-2026-53359

SuSE: SUSE-SU-2026:2914-1