SB2026032799 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2021-47110)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the kvm_crash_shutdown() and kvmclock_init() functions in arch/x86/kernel/kvmclock.c, within the kvm_guest_cpu_offline() function in arch/x86/kernel/kvm.c. A local user can escalate privileges on the system.

2) Buffer overflow (CVE-ID: CVE-2025-21738)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2026-23074)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2026-23089)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the parse_audio_unit() function in sound/usb/mixer.c. A local user can escalate privileges on the system.

5) Use-after-free (CVE-ID: CVE-2026-23191)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2026/suse-su-20261130-1/