SUSE-SU-2026:0350-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-20260350-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0350-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:0350-1
Upstream
Related
Published
2026-01-30T13:42:59Z
Modified
2026-03-23T04:52:09.859484Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues

The following security issues were fixed:

  • CVE-2022-50282: chardev: fix error handling in cdevdeviceadd() (bsc#1249739).
  • CVE-2022-50630: mm: hugetlb: fix UAF in hugetlbhandleuserfault (bsc#1254785).
  • CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
  • CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844).
  • CVE-2022-50726: net/mlx5: Fix possible use-after-free in async command interface (bsc#1256040).
  • CVE-2022-50736: RDMA/siw: Fix immediate work request flush to completion queue (bsc#1256137).
  • CVE-2022-50756: nvme-core: replace ctrl page size with a macro (bsc#1256216).
  • CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
  • CVE-2023-53254: cacheinfo: Fix sharedcpumap to handle shared caches at different levels (bsc#1249871).
  • CVE-2023-53761: USB: usbtmc: Fix direction for 0-length ioctl control messages (bsc#1255002).
  • CVE-2023-53781: smc: Fix use-after-free in tcpwritetimer_handler() (bsc#1254751).
  • CVE-2023-54142: gtp: Fix use-after-free in __gtpencapdestroy() (bsc#1256095).
  • CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in setusersq_size() (bsc#1256053).
  • CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
  • CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
  • CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
  • CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
  • CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
  • CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
  • CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
  • CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
  • CVE-2025-40280: tipc: Fix use-after-free in tipcmonreinit_self() (bsc#1254847).
  • CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
  • CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
  • CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken in gssreadproxy_verf (bsc#1256779).
References

Affected packages

SUSE:Linux Enterprise Micro 5.2 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.232.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.232.1",
            "kernel-rt": "5.3.18-150300.232.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0350-1.json"

SUSE:Linux Enterprise Micro 5.2 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.18-150300.232.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-source-rt": "5.3.18-150300.232.1",
            "kernel-rt": "5.3.18-150300.232.1"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0350-1.json"