SB2026012075 - SUSE update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5)
Published: January 20, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2022-50327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_processor_get_lpi_info() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
2) Out-of-bounds read (CVE-ID: CVE-2022-50490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __htab_map_lookup_and_delete_batch() function in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.
3) Buffer overflow (CVE-ID: CVE-2023-53676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lio_target_nacl_info_show() function in drivers/target/iscsi/iscsi_target_configfs.c. A local user can escalate privileges on the system.
4) Use-after-free (CVE-ID: CVE-2025-38476)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpl_do_srh_inline() function in net/ipv6/rpl_iptunnel.c. A local user can escalate privileges on the system.
5) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.