SB2026042072 - SUSE update for the Linux Kernel (Live Patch 35 for SUSE Linux Enterprise 15 SP5)

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Use-after-free (CVE-ID: CVE-2026-23191)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the is_access_interleaved() and loopback_check_format() functions in sound/drivers/aloop.c. A local user can escalate privileges on the system.

2) Improper Access Control (CVE-ID: CVE-2026-23268)

The vulnerability allows a local user to escalate privileges, modify AppArmor security policies, and cause a denial of service.

The vulnerability exists due to improper access control in the AppArmor policy management interface when handling file descriptor operations. A local user can open the apparmorfs interface and pass the file descriptor to a privileged process, tricking it into performing privileged policy management operations on behalf of the user.

The user must have access to a privileged process that can be manipulated to write to the AppArmor interface. Once exploited, the user can load, replace, or remove AppArmor profiles, leading to removal of confinement, denial of service by blocking application execution, bypassing user namespace restrictions, and potentially enabling local privilege escalation via kernel exploits.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2026/suse-su-20261464-1/