Main Vulnerability Database SB2026033025

SB2026033025 - SUSE update for the Linux Kernel

Published: March 30, 2026

Security Bulletin ID SB2026033025

Severity

Low

Patch available

YES

Number of vulnerabilities 44

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 44 secuirty vulnerabilities.

1) Race condition within a thread (CVE-ID: CVE-2022-49604)

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to a data race within the ip_mtu_from_fib_result() function in net/ipv4/route.c. A local user can corrupt data.

2) Improper locking (CVE-ID: CVE-2022-49943)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the usb_gadget_disconnect(), gadget_bind_driver(), gadget_unbind_driver(), soft_connect_store() and function_show() functions in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2022-49980)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the usb_udc_uevent() function in drivers/usb/gadget/udc/core.c. A local user can escalate privileges on the system.

4) Buffer overflow (CVE-ID: CVE-2022-50232)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the SYM_FUNC_START_LOCAL() function in arch/arm64/kernel/head.S. A local user can perform a denial of service (DoS) attack.

5) Input validation error (CVE-ID: CVE-2023-52433)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __nft_rbtree_insert() function in net/netfilter/nft_set_rbtree.c. A local user can perform a denial of service (DoS) attack.

6) Improper locking (CVE-ID: CVE-2023-52923)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nft_rbtree_cmp(), __nft_rbtree_lookup(), nft_rbtree_get(), nft_rbtree_gc_elem(), nft_rbtree_activate(), nft_rbtree_flush() and nft_rbtree_gc() functions in net/netfilter/nft_set_rbtree.c, within the pipapo_drop(), pipapo_gc() and nft_pipapo_activate() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_cmp(), nft_rhash_activate(), nft_rhash_flush(), nft_rhash_deactivate(), nft_rhash_gc() and nft_rhash_destroy() functions in net/netfilter/nft_set_hash.c. A local user can perform a denial of service (DoS) attack.

7) Use-after-free (CVE-ID: CVE-2023-53178)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zswap_writeback_entry() function in mm/zswap.c. A local user can escalate privileges on the system.

8) Memory leak (CVE-ID: CVE-2023-53407)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pxa_init_debugfs() function in drivers/usb/gadget/udc/pxa27x_udc.c. A local user can perform a denial of service (DoS) attack.

9) Memory leak (CVE-ID: CVE-2023-53412)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bcm63xx_udc_init_debugfs() function in drivers/usb/gadget/udc/bcm63xx_udc.c. A local user can perform a denial of service (DoS) attack.

10) Memory leak (CVE-ID: CVE-2023-53417)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the create_debug_file() function in drivers/usb/host/sl811-hcd.c. A local user can perform a denial of service (DoS) attack.

11) Memory leak (CVE-ID: CVE-2023-53418)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the create_debug_file() function in drivers/usb/gadget/udc/lpc32xx_udc.c. A local user can perform a denial of service (DoS) attack.

12) Input validation error (CVE-ID: CVE-2024-26581)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in net/netfilter/nft_set_rbtree.c. A locla user can perform a denial of service (DoS) attack.

13) Race condition (CVE-ID: CVE-2024-26832)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the zswap_writeback_entry() function in mm/zswap.c. A local user can escalate privileges on the system.

14) Memory leak (CVE-ID: CVE-2024-46854)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dpaa_start_xmit() function in drivers/net/ethernet/freescale/dpaa/dpaa_eth.c. A local user can perform a denial of service (DoS) attack.

15) Use of uninitialized resource (CVE-ID: CVE-2024-50143)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the udf_current_aext() function in fs/udf/inode.c. A local user can perform a denial of service (DoS) attack.

16) Resource management error (CVE-ID: CVE-2024-54031)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the include/net/netfilter/nf_tables.h. A local user can perform a denial of service (DoS) attack.

17) NULL pointer dereference (CVE-ID: CVE-2025-21658)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the scrub_find_fill_first_stripe() function in fs/btrfs/scrub.c. A local user can perform a denial of service (DoS) attack.

18) Buffer overflow (CVE-ID: CVE-2025-21738)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ata_pio_sector() function in drivers/ata/libata-sff.c. A local user can perform a denial of service (DoS) attack.

19) Use-after-free (CVE-ID: CVE-2025-21760)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ip6_nd_hdr() and ndisc_send_skb() functions in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

20) Use-after-free (CVE-ID: CVE-2025-21764)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ndisc_alloc_skb() function in net/ipv6/ndisc.c. A local user can escalate privileges on the system.

21) Input validation error (CVE-ID: CVE-2025-21765)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ip6_default_advmss() function in net/ipv6/route.c. A local user can perform a denial of service (DoS) attack.

22) Input validation error (CVE-ID: CVE-2025-21766)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the out: kfree_skb_reason() and __ip_rt_update_pmtu() functions in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.

23) Memory leak (CVE-ID: CVE-2025-38563)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the perf_mmap_pfn_mkwrite() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

24) Memory leak (CVE-ID: CVE-2025-38565)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mutex_unlock() and vm_flags_set() functions in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.

25) NULL pointer dereference (CVE-ID: CVE-2025-38684)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.

26) Use-after-free (CVE-ID: CVE-2025-40044)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the udf_current_aext() function in fs/udf/inode.c. A local user can escalate privileges on the system.

27) Use-after-free (CVE-ID: CVE-2025-40139)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the smc_clc_msg_hdr_valid(), smc_clc_prfx_set4_rcu() and smc_clc_prfx_set() functions in net/smc/smc_clc.c. A local user can escalate privileges on the system.

28) Improper locking (CVE-ID: CVE-2025-40242)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gdlm_put_lock() function in fs/gfs2/lock_dlm.c. A local user can perform a denial of service (DoS) attack.

29) Resource management error (CVE-ID: CVE-2025-68312)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the function in drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.

30) Use-after-free (CVE-ID: CVE-2025-71066)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can escalate privileges on the system.

31) Resource management error (CVE-ID: CVE-2025-71085)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the calipso_skbuff_setattr() function in net/ipv6/calipso.c. A local user can perform a denial of service (DoS) attack.

32) Out-of-bounds read (CVE-ID: CVE-2025-71112)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hclge_set_vlan_filter() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

33) Use-after-free (CVE-ID: CVE-2026-22999)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the qfq_change_class() function in net/sched/sch_qfq.c. A local user can escalate privileges on the system.

34) Use-after-free (CVE-ID: CVE-2026-23001)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macvlan_hash_lookup_source(), macvlan_hash_add_source(), macvlan_hash_add(), macvlan_flush_sources(), macvlan_forward_source() and macvlan_fill_info_macaddr() functions in drivers/net/macvlan.c. A local user can escalate privileges on the system.

35) Use-after-free (CVE-ID: CVE-2026-23004)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rt6_uncached_list_add() function in net/ipv6/route.c. A local user can escalate privileges on the system.

36) Buffer overflow (CVE-ID: CVE-2026-23054)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the netvsc_set_rxfh() function in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.

37) NULL pointer dereference (CVE-ID: CVE-2026-23060)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the crypto_authenc_esn_encrypt() and crypto_authenc_esn_decrypt() functions in crypto/authencesn.c. A local user can perform a denial of service (DoS) attack.

38) Use-after-free (CVE-ID: CVE-2026-23074)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the teql_qdisc_init() function in net/sched/sch_teql.c. A local user can escalate privileges on the system.

39) Use-after-free (CVE-ID: CVE-2026-23089)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the parse_audio_unit() function in sound/usb/mixer.c. A local user can escalate privileges on the system.

40) Use-after-free (CVE-ID: CVE-2026-23191)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.

41) Out-of-bounds read (CVE-ID: CVE-2026-23204)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the u32_classify() function in net/sched/cls_u32.c. A local user can perform a denial of service (DoS) attack.

42) Use-after-free (CVE-ID: CVE-2026-23209)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macvlan_common_newlink() function in drivers/net/macvlan.c. A local user can escalate privileges on the system.

43) Improper Access Control (CVE-ID: CVE-2026-23268)

The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.

The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.

The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.

44) Out-of-bounds read (CVE-ID: CVE-2026-23269)

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to an out-of-bounds read in the AppArmor subsystem's DFA state table validation when processing untrusted policy data. A local user can provide a specially crafted AppArmor policy with an out-of-bounds start state to trigger an out-of-bounds read during policy unpacking.

Exploitation requires the ability to load or modify AppArmor policies, which typically requires privileged access. The out-of-bounds read may expose contents of kernel memory.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20261131-1/

SB2026033025 - SUSE update for the Linux Kernel

Breakdown by Severity

Description

Remediation

References

Please verify you're human