SB2026062354 - SUSE update for the Linux Kernel (Live Patch 26 for SUSE Linux Enterprise 15 SP6)
Published: June 23, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 vulnerabilities.
1) Improper control of a resource through its lifetime (CVE-ID: CVE-2026-43503)
CWE-ID: CWE-664 - Improper control of a resource through its lifetime
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to modify the page cache of a root-owned read-only file.
The vulnerability exists due to improper state management in frag-transfer helpers in the Linux kernel networking stack when moving fragment descriptors between socket buffers. A local user can trigger packet processing through a duplicated skb path to modify the page cache of a root-owned read-only file.
One demonstrated path involves ESP input after a packet is duplicated through an nft 'dup to' rule or another nf_dup_ipv4() / xt_TEE caller.
2) Use-after-free (CVE-ID: CVE-2026-46323)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in skb_gro_receive in the GRO subsystem when merging zerocopy skbs. A local user can trigger GRO processing with zerocopy skbs to cause a denial of service.
The issue occurs when either the source skb or the last skb in the GRO chain is zerocopy and uses managed fragment references.
Remediation
Install update from vendor's website.