SB2026052420 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 5 vulnerabilities.

1) Improper privilege management (CVE-ID: CVE-2025-54518)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in x86 CPU opcode cache handling when executing code on affected AMD Fam17h CPUs. A local user can execute code to escalate privileges.

The issue can permit escalation across privilege boundaries including userspace to kernel and guest to host, and only AMD Fam17h CPUs based on the Zen2 microarchitecture are believed to be affected.

2) Resource management error (CVE-ID: CVE-2026-43284)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/U:Amber

The vulnerability allows a local user to escalate privileges on the system.

The xfrm-ESP Page-Cache Write vulnerability exists due to improper management of internal resources in esp_input() function in net/ipv4/esp4.c and esp6_input() function in net/ipv6/esp6.c. A local user can execute arbitrary code with root privileges. 

Note, this is one of two vulnerabilities reported as Dirty Frag.

3) Resource management error (CVE-ID: CVE-2026-43500)

CWE-ID: CWE-399 - Resource Management Errors

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/U:Amber

The vulnerability allows a local user to escalate privileges on the system.

The RxRPC Page-Cache Write vulnerability exists due to improper management of internal resources. A local user can execute arbitrary code with root privileges.

Note, this vulnerability is one of two issues described as Dirty Frag.

4) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-46300)

CWE-ID: CWE-664 - Improper control of a resource through its lifetime

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to cause memory corruption.

The vulnerability exists due to improper state management in skb_try_coalesce() when transferring paged fragments during TCP receive coalescing. A local user can trigger packet processing that moves shared fragments into an unmarked skb to cause memory corruption.

The issue can lead ESP input to incorrectly treat an uncloned nonlinear skb as not having shared fragments and perform in-place decryption over externally owned or page-cache-backed fragments.

5) Improper access control (CVE-ID: CVE-2026-46333)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local privileged user to disclose sensitive information.

The vulnerability exists due to improper access control in ptrace_may_access() when checking dumpability for tasks without an associated mm pointer. A local privileged user can inspect kernel thread details to disclose sensitive information.

The issue affects cases involving threads that no longer have a VM or never had one, such as kernel threads.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2026/suse-su-20261907-1/