SB2026042355 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Improper locking (CVE-ID: CVE-2025-38234)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the find_lowest_rq() and find_lock_lowest_rq() functions in kernel/sched/rt.c. A local user can perform a denial of service (DoS) attack.

2) Input validation error (CVE-ID: CVE-2025-68818)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __qla2x00_abort_all_cmds() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.

3) Improper locking (CVE-ID: CVE-2026-23103)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipvlan_port_create(), ipvlan_uninit(), ipvlan_open(), ipvlan_stop(), ipvlan_link_new(), ipvlan_link_delete(), ipvlan_add_addr(), ipvlan_del_addr(), ipvlan_add_addr6(), ipvlan_addr6_validator_event() and ipvlan_addr4_validator_event() functions in drivers/net/ipvlan/ipvlan_main.c. A local user can perform a denial of service (DoS) attack.

4) Out-of-bounds read (CVE-ID: CVE-2026-23243)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a boundary error in the RDMA/umad component when processing user-controlled MAD headers. A local user can send a specially crafted request with mismatched MAD header size and RMPP header length to cause a denial of service.

Exploitation requires access to the RDMA UMAD interface. The vulnerability can trigger an out-of-bounds write in kernel memory, leading to system instability or crash.

5) Use After Free (CVE-ID: CVE-2026-23272)

The vulnerability allows a local user to execute arbitrary code, escalate privileges, and cause a denial of service.

The vulnerability exists due to a use-after-free in the netfilter nf_tables component when handling set element insertion in a full set. A local user can send a specially crafted request to trigger improper RCU handling, leading to a use-after-free condition.

Exploitation requires non-administrative local privileges and does not require user interaction. The vulnerability occurs during normal operation of netfilter rules with full sets.

6) Exposure of resource to wrong sphere (CVE-ID: CVE-2026-23274)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to improper input validation in the netfilter xt_IDLETIMER module when processing timer rules with reused labels. A local user can insert a revision 0 IDLETIMER rule with a label that was previously used by a revision 1 rule with XT_IDLETIMER_ALARM, leading to modification of an uninitialized timer_list object, which can trigger debugobjects warnings and potentially cause a kernel panic when panic_on_warn=1 is enabled.

Exploitation requires the ability to load netfilter rules. The impact is limited to denial of service via system crash under specific kernel configurations.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2026/suse-su-20261563-1/