SB2026012136 - SUSE update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
Published: January 21, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 10 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2022-50233)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the append_eir_data_to_buf() function in net/bluetooth/mgmt.c, within the eir_append_name(), eir_append_local_name() and eir_create() functions in net/bluetooth/eir.c. A local user can perform a denial of service (DoS) attack.
2) NULL pointer dereference (CVE-ID: CVE-2022-50327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_processor_get_lpi_info() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2022-50409)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sk_stream_wait_memory() function in net/core/stream.c. A local user can perform a denial of service (DoS) attack.
4) Out-of-bounds read (CVE-ID: CVE-2022-50490)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __htab_map_lookup_and_delete_batch() function in kernel/bpf/hashtab.c. A local user can perform a denial of service (DoS) attack.
5) Buffer overflow (CVE-ID: CVE-2023-53676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lio_target_nacl_info_show() function in drivers/target/iscsi/iscsi_target_configfs.c. A local user can escalate privileges on the system.
6) Infinite loop (CVE-ID: CVE-2024-58239)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
7) Use-after-free (CVE-ID: CVE-2025-38476)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpl_do_srh_inline() function in net/ipv6/rpl_iptunnel.c. A local user can escalate privileges on the system.
8) Integer overflow (CVE-ID: CVE-2025-38572)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the ipv6_gso_segment() function in net/ipv6/ip6_offload.c. A local user can execute arbitrary code.
9) Use of uninitialized resource (CVE-ID: CVE-2025-38608)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the sk_psock_msg_verdict() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
10) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.