SB2026032360 - SUSE update for the Linux Kernel
Published: March 23, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 15 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2023-53794)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_reconnect_server() function in fs/smb/client/smb2pdu.c. A local user can escalate privileges on the system.
2) Use-after-free (CVE-ID: CVE-2023-53827)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the l2cap_disconnect_req() and l2cap_disconnect_rsp() functions in net/bluetooth/l2cap_core.c. A local user can escalate privileges on the system.
3) Buffer overflow (CVE-ID: CVE-2025-21738)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.
4) Use-after-free (CVE-ID: CVE-2025-38224)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvaser_pciefd_setup_can_ctrls() function in drivers/net/can/kvaser_pciefd.c. A local user can escalate privileges on the system.
5) Out-of-bounds read (CVE-ID: CVE-2025-38375)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mergeable_ctx_to_truesize(), virtnet_get_headroom(), xdp_linearize_page(), receive_small_xdp() and mergeable_xdp_get_buf() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
6) Use-after-free (CVE-ID: CVE-2025-68285)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the monmap_show() and osdmap_show() functions in net/ceph/debugfs.c. A local user can escalate privileges on the system.
7) Use-after-free (CVE-ID: CVE-2025-71066)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can escalate privileges on the system.
8) Use-after-free (CVE-ID: CVE-2026-23004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rt6_uncached_list_add() function in net/ipv6/route.c. A local user can escalate privileges on the system.
9) NULL pointer dereference (CVE-ID: CVE-2026-23060)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.
10) Use-after-free (CVE-ID: CVE-2026-23074)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.
11) Use-after-free (CVE-ID: CVE-2026-23089)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the parse_audio_unit() function in sound/usb/mixer.c. A local user can escalate privileges on the system.
12) Use-after-free (CVE-ID: CVE-2026-23191)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.
13) Out-of-bounds read (CVE-ID: CVE-2026-23204)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the u32_classify() function in net/sched/cls_u32.c. A local user can perform a denial of service (DoS) attack.
14) Improper Access Control (CVE-ID: CVE-2026-23268)
The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.
The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.
The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.
15) Out-of-bounds read (CVE-ID: CVE-2026-23269)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the AppArmor subsystem's DFA state table validation when processing untrusted policy data. A local user can provide a specially crafted AppArmor policy with an out-of-bounds start state to trigger an out-of-bounds read during policy unpacking.
Exploitation requires the ability to load or modify AppArmor policies, which typically requires privileged access. The out-of-bounds read may expose contents of kernel memory.
Remediation
Install update from vendor's website.