SB20260415174 - SUSE update for the Linux Kernel
Published: April 15, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Improper locking (CVE-ID: CVE-2025-38234)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the find_lowest_rq() and find_lock_lowest_rq() functions in kernel/sched/rt.c. A local user can perform a denial of service (DoS) attack.
2) Improper locking (CVE-ID: CVE-2026-23103)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_port_create(), ipvlan_uninit(), ipvlan_open(), ipvlan_stop(), ipvlan_link_new(), ipvlan_link_delete(), ipvlan_add_addr(), ipvlan_del_addr(), ipvlan_add_addr6(), ipvlan_addr6_validator_event() and ipvlan_addr4_validator_event() functions in drivers/net/ipvlan/ipvlan_main.c. A local user can perform a denial of service (DoS) attack.
3) Out-of-bounds read (CVE-ID: CVE-2026-23243)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a boundary error in the RDMA/umad component when processing user-controlled MAD headers. A local user can send a specially crafted request with mismatched MAD header size and RMPP header length to cause a denial of service.
Exploitation requires access to the RDMA UMAD interface. The vulnerability can trigger an out-of-bounds write in kernel memory, leading to system instability or crash.
4) Use After Free (CVE-ID: CVE-2026-23272)
The vulnerability allows a local user to execute arbitrary code, escalate privileges, and cause a denial of service.
The vulnerability exists due to a use-after-free in the netfilter nf_tables component when handling set element insertion in a full set. A local user can send a specially crafted request to trigger improper RCU handling, leading to a use-after-free condition.
Exploitation requires non-administrative local privileges and does not require user interaction. The vulnerability occurs during normal operation of netfilter rules with full sets.
5) Exposure of resource to wrong sphere (CVE-ID: CVE-2026-23274)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in the netfilter xt_IDLETIMER module when processing timer rules with reused labels. A local user can insert a revision 0 IDLETIMER rule with a label that was previously used by a revision 1 rule with XT_IDLETIMER_ALARM, leading to modification of an uninitialized timer_list object, which can trigger debugobjects warnings and potentially cause a kernel panic when panic_on_warn=1 is enabled.
Exploitation requires the ability to load netfilter rules. The impact is limited to denial of service via system crash under specific kernel configurations.
6) NULL Pointer Dereference (CVE-ID: CVE-2026-23293)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the VXLAN network driver when handling packets. A local user can send a specially crafted IPv6 packet into a VXLAN interface when IPv6 is disabled at boot time to trigger a kernel NULL pointer dereference and crash the system.
Exploitation requires the ability to inject packets into the VXLAN interface, which is typically available to local users or processes with network access.
7) NULL pointer dereference (CVE-ID: CVE-2026-23398)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in the icmp_tag_validation function when handling ICMP Fragmentation Needed error messages with a quoted inner IP header containing an unregistered protocol number. A remote attacker can send a specially crafted ICMP packet to cause a kernel panic in softirq context.
Exploitation requires the target system to have ip_no_pmtu_disc set to 3 (hardened PMTU mode).
Remediation
Install update from vendor's website.