SUSE-SU-2026:0954-1

CVE-2022-50423: ACPICA: Fix use-after-free in acpiutcopyipackageto_ipackage() (bsc#1250785).
CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255595).
CVE-2022-50756: nvme-pci: fix mempool alloc size (bsc#1256217).
CVE-2023-53781: smc: Fix use-after-free in tcpwritetimer_handler() (bsc#1254755).
CVE-2025-21738: ata: libata-sff: ensure that we cannot write outside the allocated buffer (bsc#1257118).
CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247240).
CVE-2025-68285: libceph: fix potential use-after-free in havemonandosdmap() (bsc#1255402).
CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256644).
CVE-2025-71085: ipv6: BUG() in pskbexpandhead() as part of calipsoskbuffsetattr() (bsc#1256624).

References

Affected packages

Name: kgraft-patch-SLE12-SP5_Update_68
Purl: pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_68&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12-2.1

{
    "binaries": [
        {
            "kgraft-patch-4_12_14-122_258-default": "12-2.1"
        }
    ]
}

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0954-1.json"