SUSE-SU-2026:20477-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2026/suse-su-202620477-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20477-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2026:20477-1
Upstream
Related
Published
2026-02-24T10:42:46Z
Modified
2026-03-23T04:52:59.338344Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues

The following security issues were fixed:

  • CVE-2023-54013: interconnect: Fix locking for runpm vs reclaim (bsc#1256280).
  • CVE-2025-38321: smb: Log an error when closeallcached_dirs fails (bsc#1246328).
  • CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256).
  • CVE-2025-39880: libceph: fix invalid accesses to cephconnectionv1_info (bsc#1250388).
  • CVE-2025-39890: wifi: ath12k: fix memory leak in ath12kservicereadyextevent (bsc#1250334).
  • CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
  • CVE-2025-40006: mm/hugetlb: fix folio is still mapped when deleted (bsc#1252342).
  • CVE-2025-40024: vhost: Take a reference on the task in struct vhost_task (bsc#1252686).
  • CVE-2025-40033: remoteproc: pru: Fix potential NULL pointer dereference in prurprocset_ctable() (bsc#1252824).
  • CVE-2025-40042: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (bsc#1252861).
  • CVE-2025-40053: net: dlink: handle copy_thresh allocation failure (bsc#1252808).
  • CVE-2025-40081: perf: armspe: Prevent overflow in PERFIDX2OFF() (bsc#1252776).
  • CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
  • CVE-2025-40123: bpf: Enforce expectedattachtype for tailcall compatibility (bsc#1253365).
  • CVE-2025-40134: dm: fix NULL pointer dereference in _dmsuspend() (bsc#1253386).
  • CVE-2025-40135: ipv6: use RCU in ip6_xmit() (bsc#1253342).
  • CVE-2025-40153: mm: hugetlb: avoid soft lockup when mprotect to large memory area (bsc#1253408).
  • CVE-2025-40158: ipv6: use RCU in ip6_output() (bsc#1253402).
  • CVE-2025-40160: xen/events: Cleanup find_virq() return codes (bsc#1253400).
  • CVE-2025-40167: ext4: detect invalid INLINE_DATA + EXTENTS flag combination (bsc#1253458).
  • CVE-2025-40170: net: use dstdevrcu() in sksetupcaps() (bsc#1253413).
  • CVE-2025-40178: pid: Add a judgment for ns null in pidnrns (bsc#1253463).
  • CVE-2025-40179: ext4: verify orphan file size is not too big (bsc#1253442).
  • CVE-2025-40187: net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce() (bsc#1253647).
  • CVE-2025-40190: ext4: guard against EA inode refcount underflow in xattr update (bsc#1253623).
  • CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
  • CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
  • CVE-2025-40231: vsock: fix lock inversion in vsockassigntransport() (bsc#1254815).
  • CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
  • CVE-2025-40238: net/mlx5: Fix IPsec cleanup over MPV device (bsc#1254871).
  • CVE-2025-40240: sctp: avoid NULL dereference when chunk data buffer is missing (bsc#1254869).
  • CVE-2025-40242: gfs2: Fix unlikely race in gdlmputlock (bsc#1255075).
  • CVE-2025-40248: vsock: Ignore signal/timeout on connect() if already established (bsc#1254864).
  • CVE-2025-40250: net/mlx5: Clean up only new IRQ glue on request_irq() failure (bsc#1254854).
  • CVE-2025-40251: devlink: rate: Unset parent pointer in devlratenodes_destroy (bsc#1254856).
  • CVE-2025-40252: net: qlogic/qede: fix potential out-of-bounds read in qedetpacont() and qedetpaend() (bsc#1254849).
  • CVE-2025-40254: net: openvswitch: remove never-working support for setting nsh fields (bsc#1254852).
  • CVE-2025-40257: mptcp: fix a race in mptcppmdeladdtimer() (bsc#1254842).
  • CVE-2025-40258: mptcp: fix race condition in mptcpschedulework() (bsc#1254843).
  • CVE-2025-40259: scsi: sg: Do not sleep in atomic context (bsc#1254845).
  • CVE-2025-40261: nvme: nvme-fc: Ensure ->ioerrwork is cancelled in nvmefcdeletectrl() (bsc#1254839).
  • CVE-2025-40264: be2net: pass wrb_params in case of OS2BMC (bsc#1254835).
  • CVE-2025-40268: cifs: client: fix memory leak in smb3fscontextparseparam (bsc#1255082).
  • CVE-2025-40271: fs/proc: fix uaf in procreaddirde() (bsc#1255297).
  • CVE-2025-40274: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying (bsc#1254830).
  • CVE-2025-40278: net: sched: actife: initialize struct tcife to fix KMSAN kernel-infoleak (bsc#1254825).
  • CVE-2025-40279: net: sched: actconnmark: initialize struct tcife to fix kernel leak (bsc#1254846).
  • CVE-2025-40280: tipc: Fix use-after-free in tipcmonreinit_self() (bsc#1254847).
  • CVE-2025-40287: exfat: fix improper check of dentry.stream.valid_size (bsc#1255030).
  • CVE-2025-40289: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM (bsc#1255042).
  • CVE-2025-40292: virtio-net: fix received length check in big packets (bsc#1255175).
  • CVE-2025-40293: iommufd: Don't overflow during division for dirty tracking (bsc#1255179).
  • CVE-2025-40297: net: bridge: fix use-after-free due to MST port state bypass (bsc#1255187).
  • CVE-2025-40307: exfat: validate cluster allocation bits of the allocation bitmap (bsc#1255039).
  • CVE-2025-40319: bpf: Sync pending IRQ work before freeing ring buffer (bsc#1254794).
  • CVE-2025-40328: smb: client: fix potential UAF in smb2closecached_fid() (bsc#1254624).
  • CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
  • CVE-2025-40337: net: stmmac: Correctly handle Rx checksum offload errors (bsc#1255081).
  • CVE-2025-40338: ASoC: Intel: avs: Do not share the name pointer between components (bsc#1255273).
  • CVE-2025-40339: drm/amdgpu: fix nullptr err of vmhandlemoved (bsc#1255428).
  • CVE-2025-40346: archtopology: Fix incorrect error check in topologyparsecpucapacity() (bsc#1255318).
  • CVE-2025-40350: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ (bsc#1255260).
  • CVE-2025-40355: sysfs: check visibility before changing group attribute ownership (bsc#1255261).
  • CVE-2025-40360: drm/sysfb: Do not dereference NULL pointer in plane reset (bsc#1255095).
  • CVE-2025-40363: net: ipv6: fix field-spanning memcpy warning in AH output (bsc#1255102).
  • CVE-2025-68171: x86/fpu: Ensure XFD state on signal delivery (bsc#1255255).
  • CVE-2025-68174: amd/amdkfd: enhance kfd process check in switch partition (bsc#1255327).
  • CVE-2025-68178: blk-cgroup: fix possible deadlock while configuring policy (bsc#1255266).
  • CVE-2025-68188: tcp: use dstdevrcu() in tcpfastopenactivedisableofo_check() (bsc#1255269).
  • CVE-2025-68190: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpuatomexecutetablelocked() (bsc#1255131).
  • CVE-2025-68200: bpf: Add bpfprogrundatapointers() (bsc#1255241).
  • CVE-2025-68201: drm/amdgpu: remove two invalid BUG_ON()s (bsc#1255136).
  • CVE-2025-68204: pmdomain: arm: scmi: Fix genpd leak on provider registration failure (bsc#1255224).
  • CVE-2025-68206: netfilter: nft_ct: add seqadj extension for natted connections (bsc#1255142).
  • CVE-2025-68208: bpf: account for current allocated stack depth in widenimprecisescalars() (bsc#1255227).
  • CVE-2025-68209: mlx5: Fix default values in create CQ (bsc#1255230).
  • CVE-2025-68227: mptcp: Fix proto fallback detection with BPF (bsc#1255216).
  • CVE-2025-68230: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (bsc#1255134).
  • CVE-2025-68239: binfmtmisc: restore write access before closing files opened by openexec() (bsc#1255272).
  • CVE-2025-68241: ipv4: route: Prevent rtbindexception() from rebinding stale fnhe (bsc#1255157).
  • CVE-2025-68245: net: netpoll: fix incorrect refcount handling causing incorrect cleanup (bsc#1255268).
  • CVE-2025-68255: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (bsc#1255395).
  • CVE-2025-68259: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (bsc#1255199).
  • CVE-2025-68261: ext4: add idatasem protection in ext4destroyinlinedatanolock() (bsc#1255164).
  • CVE-2025-68264: ext4: refresh inline data size before write operations (bsc#1255380).
  • CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handleauthsession_key() (bsc#1255377).
  • CVE-2025-68285: libceph: fix potential use-after-free in havemonandosdmap() (bsc#1255401).
  • CVE-2025-68296: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (bsc#1255128).
  • CVE-2025-68297: ceph: fix crash in processv2sparse_read() for encrypted directories (bsc#1255403).
  • CVE-2025-68301: net: atlantic: fix fragment overflow handling in RX path (bsc#1255120).
  • CVE-2025-68320: lan966x: Fix sleeping in atomic context (bsc#1255172).
  • CVE-2025-68325: net/sched: schcake: Fix incorrect qlen reduction in cakedrop (bsc#1255417).
  • CVE-2025-68327: usb: renesas_usbhs: Fix synchronous external abort on unbind (bsc#1255488).
  • CVE-2025-68337: jbd2: avoid bugon in jbd2journalgetcreate_access() when file system corrupted (bsc#1255482).
  • CVE-2025-68340: team: Move team device type change at the end of teamportadd (bsc#1255507).
  • CVE-2025-68349: NFSv4/pNFS: Clear NFSINOLAYOUTCOMMIT in pnfsmarklayoutstateidinvalid (bsc#1255544).
  • CVE-2025-68363: bpf: Check skb->transportheader is set in bpfskbcheckmtu (bsc#1255552).
  • CVE-2025-68365: fs/ntfs3: Initialize allocated memory before use (bsc#1255548).
  • CVE-2025-68366: nbd: defer config unlock in nbdgenlconnect (bsc#1255622).
  • CVE-2025-68367: macintosh/machid: fix race condition in machidtoggleemumouse (bsc#1255547).
  • CVE-2025-68372: nbd: defer config put in recv_work (bsc#1255537).
  • CVE-2025-68378: bpf: Refactor stack map trace depth calculation into helper function (bsc#1255614).
  • CVE-2025-68379: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (bsc#1255695).
  • CVE-2025-68727: ntfs3: Fix uninit buffer allocated by __getname() (bsc#1255568).
  • CVE-2025-68728: ntfs3: fix uninit memory after failed miread in miformat_new (bsc#1255539).
  • CVE-2025-68733: smack: fix bug: unprivileged task can create labels (bsc#1255615).
  • CVE-2025-68742: bpf: Improve program stats run-time calculation (bsc#1255707).
  • CVE-2025-68744: bpf: Free special fields when update [lru_,]percpu_hash maps (bsc#1255709).
  • CVE-2025-68764: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (bsc#1255930).
  • CVE-2025-68768: inet: frags: add inetfragqueue_flush() (bsc#1256579).
  • CVE-2025-68770: bnxten: Fix XDPTX path (bsc#1256584).
  • CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2findvictim_chain (bsc#1256582).
  • CVE-2025-68775: net/handshake: duplicate handshake cancellations leak socket (bsc#1256665).
  • CVE-2025-68776: net/hsr: fix NULL pointer dereference in prpgetuntagged_frame() (bsc#1256659).
  • CVE-2025-68788: fsnotify: do not generate ACCESS/MODIFY events on child for special files (bsc#1256638).
  • CVE-2025-68795: ethtool: Avoid overflowing userspace buffer on stats query (bsc#1256688).
  • CVE-2025-68798: perf/x86/amd: Check event before enable to avoid GPF (bsc#1256689).
  • CVE-2025-68800: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (bsc#1256646).
  • CVE-2025-68801: mlxsw: spectrum_router: Fix neighbour use-after-free (bsc#1256653).
  • CVE-2025-68803: nfsd: set security label during create operations (bsc#1256770).
  • CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
  • CVE-2025-68814: io_uring: fix filename leak in __ioopenatprep() (bsc#1256651).
  • CVE-2025-68815: net/sched: ets: Remove drr class from the active list if it changes to strict (bsc#1256680).
  • CVE-2025-68816: net/mlx5: fw_tracer, Validate format string parameters (bsc#1256674).
  • CVE-2025-68820: ext4: xattr: fix null pointer deref in ext4rawinode() (bsc#1256754).
  • CVE-2025-71064: net: hns3: using the num_tqps in the vf driver to apply for resources (bsc#1256654).
  • CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange (bsc#1256645).
  • CVE-2025-71077: tpm: Cap the number of PCR banks (bsc#1256613).
  • CVE-2025-71084: RDMA/cm: Fix leaking the multicast GID table reference (bsc#1256622).
  • CVE-2025-71085: ipv6: BUG() in pskbexpandhead() as part of calipsoskbuffsetattr() (bsc#1256623).
  • CVE-2025-71087: iavf: fix off-by-one issues in iavfconfigrss_reg() (bsc#1256628).
  • CVE-2025-71088: mptcp: fallback earlier on simult connection (bsc#1256630).
  • CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
  • CVE-2025-71091: team: fix check for port enabled in teamqueueoverrideportprio_changed() (bsc#1256773).
  • CVE-2025-71093: e1000: fix OOB in e1000tbishould_accept() (bsc#1256777).
  • CVE-2025-71094: net: usb: asix: ax88772: Increase phy_name size (bsc#1256597).
  • CVE-2025-71095: net: stmmac: fix the crash issue for zero copy XDP_TX action (bsc#1256605).
  • CVE-2025-71096: RDMA/core: Check for the presence of LSNLATYPE_DGID correctly (bsc#1256606).
  • CVE-2025-71097: ipv4: Fix reference count leak when using error routes with nexthop objects (bsc#1256607).
  • CVE-2025-71098: ip6gre: make ip6greheader() robust (bsc#1256591).
  • CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
  • CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
  • CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken in gssreadproxy_verf (bsc#1256779).
  • CVE-2025-71123: ext4: fix string copying in parseapplysbmountoptions() (bsc#1256757).
  • CVE-2025-71133: RDMA/irdma: avoid invalid read in irdmanetevent (bsc#1256733).
  • CVE-2025-71135: md/raid5: fix possible null-pointer dereferences in raid5storegroupthreadcnt() (bsc#1256761).
  • CVE-2025-71137: octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (bsc#1256760).
  • CVE-2025-71149: iouring/poll: correctly handle iopoll_add() return value on update (bsc#1257164).
  • CVE-2026-22976: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset (bsc#1257035).
  • CVE-2026-22977: net: sock: fix hardened usercopy panic in sockrecverrqueue (bsc#1257053).
  • CVE-2026-22984: libceph: prevent potential out-of-bounds reads in handleauthdone() (bsc#1257217).
  • CVE-2026-22990: libceph: replace overzealous BUGON in osdmapapply_incremental() (bsc#1257221).
  • CVE-2026-22991: libceph: make freechoosearg_map() resilient to partial allocation (bsc#1257220).
  • CVE-2026-22992: libceph: return the handler error from monhandleauth_done() (bsc#1257218).
  • CVE-2026-22993: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (bsc#1257180).
  • CVE-2026-22996: net/mlx5e: Don't store mlx5epriv in mlx5edev devlink priv.
  • CVE-2026-22999: net/sched: schqfq: do not free existing class in qfqchange_class() (bsc#1257236).
  • CVE-2026-23000: net/mlx5e: Fix crash on profile change rollback failure (bsc#1257234).
  • CVE-2026-23001: macvlan: fix possible UAF in macvlanforwardsource() (bsc#1257232).
  • CVE-2026-23005: x86/fpu: Clear XSTATE_BV in guest XSAVE state whenever XFD[i]=1 (bsc#1257245).
  • CVE-2026-23010: ipv6: Fix use-after-free in inet6addrdel() (bsc#1257332).
  • CVE-2026-23011: ipv4: ipgre: make ipgreheader() robust (bsc#1257207).

The following non security issues were fixed:

  • ALSA: usb-audio: Update for native DSD support quirks (stable-fixes).
  • Disable CONFIGCPU5WDT The cpu5wdt driver doesn't implement a proper watchdog interface and has many code issues. It only handles obscure and obsolete hardware. Stop building and supporting this driver (jsc#PED-14062).
  • Update config files (jsc#PED-12554 jsc#PED-6996 bsc#1243677 ltc#213602 bsc#1243678 ltc#213596) CONFIGIMAKEYRINGSPERMITSIGNEDBYBUILTINORSECONDARY=y CONFIGINTEGRITYCAMACHINEKEYRING_MAX=y
  • Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
  • bpf/selftests: testselectreuseport_kern: Remove unused header (bsc#1257603).
  • bpf: Do not let BPF test infra emit invalid GSO types to stack (bsc#1255569).
  • cifs: Fix copy offload to flush destination region (bsc#1252511).
  • cifs: Fix flushing, invalidation and file size with copyfilerange() (bsc#1252511).
  • cifs: Fix uncached read into ITER_KVEC iterator (bsc#1245449).
  • cifs: make cifschanupdate_iface() a void function (git-fixes).
  • cifs: update dstaddr whenever channel iface is updated (git-fixes).
  • cpuidle: menu: Use residency threshold in polling state override decisions (bsc#1255026).
  • dm: fix queue start/stop imbalance under suspend/load/resume races (bsc#1253386)
  • drm/amdgpu: update mappings not managed by KFD (bsc#1255428)
  • ext4: use optimized mballoc scanning regardless of inode format (bsc#1254378).
  • ext4: wait for ongoing I/O to complete before freeing blocks (bsc#1256366).
  • fs: dlm: allow to F_SETLKW getting interrupted (bsc#1255025).
  • ice: use netifgetnumdefaultrss_queues() (bsc#1247712).
  • media: atomisp: Prefix firmware paths with "intel/ipu/" (bsc#1252973).
  • media: atomisp: Remove firmware_name module parameter (bsc#1252973).
  • mm, page_alloc, thp: prevent reclaim for _GFPTHISNODE THP allocations (bsc#1254447 bsc#1253087).
  • net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
  • net: tcp: allow zero-window ACK update the window (bsc#1254767).
  • net: usb: pegasus: fix memory leak in updateethregs_async() (git-fixes).
  • powerpc/addnote: Fix overflow on 32-bit builds (bsc#1215199).
  • powerpc/eeh: fix recursive pcilockrescan_remove locking in EEH event handling (bsc#1253262 ltc#216029).
  • powerpc/kexec: Enable SMT before waking offline CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes bsc#1253739 ltc#211493 bsc#1254244 ltc#216496).
  • sched: Increase schedtickremote timeout (bsc#1254510).
  • scsi: lpfc: Add capability to register Platform Name ID to fabric (bsc#1254119).
  • scsi: lpfc: Allow support for BB credit recovery in point-to-point topology (bsc#1254119).
  • scsi: lpfc: Ensure unregistration of rpis for received PLOGIs (bsc#1254119).
  • scsi: lpfc: Fix leaked ndlp krefs when in point-to-point topology (bsc#1254119).
  • scsi: lpfc: Fix reusing an ndlp that is marked NLP_DROPPED during FLOGI (bsc#1254119).
  • scsi: lpfc: Modify kref handling for Fabric Controller ndlps (bsc#1254119).
  • scsi: lpfc: Remove redundant NULL ptr assignment in lpfcelsfree_iocb() (bsc#1254119).
  • scsi: lpfc: Revise discovery related function headers and comments (bsc#1254119).
  • scsi: lpfc: Rework lpfcsli4fcfrrnextindexget() (bsc#1256861).
  • scsi: lpfc: Update lpfc version to 14.4.0.12 (bsc#1254119).
  • scsi: lpfc: Update lpfc version to 14.4.0.13 (bsc#1256861).
  • scsi: lpfc: Update various NPIV diagnostic log messaging (bsc#1254119).
  • scsi: qla2xxx: Add Speed in SFP print information (bsc#1256863).
  • scsi: qla2xxx: Add bsg interface to support firmware img validation (bsc#1256863).
  • scsi: qla2xxx: Add load flash firmware mailbox support for 28xxx (bsc#1256863).
  • scsi: qla2xxx: Add support for 64G SFP speed (bsc#1256863).
  • scsi: qla2xxx: Allow recovery for tape devices (bsc#1256863).
  • scsi: qla2xxx: Delay module unload while fabric scan in progress (bsc#1256863).
  • scsi: qla2xxx: Fix bsg_done() causing double free (bsc#1256863).
  • scsi: qla2xxx: Free sp in error path to fix system crash (bsc#1256863).
  • scsi: qla2xxx: Query FW again before proceeding with login (bsc#1256863).
  • scsi: qla2xxx: Update version to 10.02.10.100-k (bsc#1256863).
  • scsi: qla2xxx: Validate MCU signature before executing MBC 03h (bsc#1256863).
  • scsi: qla2xxx: Validate sp before freeing associated memory (bsc#1256863).
  • scsi: storvsc: Process unsupported MODESENSE10 (bsc#1257296).
  • smb: client: split cached_fid bitfields to avoid shared-byte RMW races (bsc#1250748,bsc#1257154).
  • smb: client: update cfid->lastaccesstime in opencacheddirbydentry() (git-fixes).
  • smb: improve directory cache reuse for readdir operations (bsc#1252712).
  • soc/tegra: fuse: speedo-tegra210: Update speedo IDs (git-fixes).
  • spi: tegra210-quad: Check hardware status on timeout (bsc#1253155)
  • spi: tegra210-quad: Fix timeout handling (bsc#1253155)
  • spi: tegra210-quad: Refactor error handling into helper functions (bsc#1253155)
  • spi: tegra210-quad: Update dummy sequence configuration (git-fixes)
  • supported.conf: Mark lan 743x supported (jsc#PED-14571)
  • tracing: Fix access to traceeventfile (bsc#1254373).
  • wifi: mwifiex: Fix a loop in mwifiexupdateampdu_rxwinsize() (git-fixes).
  • x86/microcode/AMD: Add TSA microcode SHAs (bsc#1256528).
  • x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev (bsc#1256528).
  • x86/microcode/AMD: Add more known models to entry sign checking (bsc#1256528).
  • x86/microcode/AMD: Add some forgotten models to the SHA check (bsc#1256528).
  • x86/microcode/AMD: Clean the cache if update did not load microcode (bsc#1256528).
  • x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches (bsc#1256528).
  • x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (bsc#1256528).
  • x86/microcode/AMD: Fix __applymicrocodeamd()'s return value (bsc#1256528).
  • x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1256528).
  • x86/microcode/AMD: Load only SHA256-checksummed patches (bsc#1256528).
  • x86/microcode/AMD: Select which microcode patch to load (bsc#1256528).
  • x86/microcode/AMD: Use sha256() instead of init/update/final (bsc#1256528).
  • x86/microcode: Fix Entrysign revision check for Zen1/Naples (bsc#1256528).
References

Affected packages

SUSE:Linux Micro 6.0 / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.0-39.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-devel": "6.4.0-39.1",
            "kernel-default-livepatch": "6.4.0-39.1",
            "kernel-kvmsmall": "6.4.0-39.1",
            "kernel-macros": "6.4.0-39.1",
            "kernel-default": "6.4.0-39.1",
            "kernel-source": "6.4.0-39.1",
            "kernel-default-base": "6.4.0-39.1.21.16"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20477-1.json"

SUSE:Linux Micro 6.0 / kernel-default-base

Package

Name
kernel-default-base
Purl
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.0-39.1.21.16

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-devel": "6.4.0-39.1",
            "kernel-default-livepatch": "6.4.0-39.1",
            "kernel-kvmsmall": "6.4.0-39.1",
            "kernel-macros": "6.4.0-39.1",
            "kernel-default": "6.4.0-39.1",
            "kernel-source": "6.4.0-39.1",
            "kernel-default-base": "6.4.0-39.1.21.16"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20477-1.json"

SUSE:Linux Micro 6.0 / kernel-kvmsmall

Package

Name
kernel-kvmsmall
Purl
pkg:rpm/suse/kernel-kvmsmall&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.0-39.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-devel": "6.4.0-39.1",
            "kernel-default-livepatch": "6.4.0-39.1",
            "kernel-kvmsmall": "6.4.0-39.1",
            "kernel-macros": "6.4.0-39.1",
            "kernel-default": "6.4.0-39.1",
            "kernel-source": "6.4.0-39.1",
            "kernel-default-base": "6.4.0-39.1.21.16"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20477-1.json"

SUSE:Linux Micro 6.0 / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Micro%206.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.4.0-39.1

Ecosystem specific 

{
    "binaries": [
        {
            "kernel-devel": "6.4.0-39.1",
            "kernel-default-livepatch": "6.4.0-39.1",
            "kernel-kvmsmall": "6.4.0-39.1",
            "kernel-macros": "6.4.0-39.1",
            "kernel-default": "6.4.0-39.1",
            "kernel-source": "6.4.0-39.1",
            "kernel-default-base": "6.4.0-39.1.21.16"
        }
    ]
}

Database specific

source 
"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20477-1.json"