SB2026012167 - SUSE update for the Linux Kernel (Live Patch 73 for SUSE Linux Enterprise 12 SP5)
Published: January 21, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2022-50327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the acpi_processor_get_lpi_info() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2022-50367)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inode_init_always() function in fs/inode.c. A local user can escalate privileges on the system.
3) Buffer overflow (CVE-ID: CVE-2023-53676)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the lio_target_nacl_info_show() function in drivers/target/iscsi/iscsi_target_configfs.c. A local user can escalate privileges on the system.
4) Out-of-bounds read (CVE-ID: CVE-2023-53717)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c. A local user can perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2025-40204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sctp_sf_authenticate() function in net/sctp/sm_statefuns.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.