SB2026013069 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2023-23559)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the rndis_query_oid() function in drivers/net/wireless/rndis_wlan.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

2) Memory leak (CVE-ID: CVE-2023-54110)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rndis_query() function in drivers/net/usb/rndis_host.c. A local user can perform a denial of service (DoS) attack.

3) Buffer overflow (CVE-ID: CVE-2023-54168)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the set_user_sq_size() function in drivers/infiniband/hw/mlx4/qp.c. A local user can perform a denial of service (DoS) attack.

4) Use-after-free (CVE-ID: CVE-2025-40018)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ip_vs_ftp_exit() and ip_vs_ftp_init() functions in net/netfilter/ipvs/ip_vs_ftp.c. A local user can escalate privileges on the system.

5) Improper locking (CVE-ID: CVE-2025-40215)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __xfrm_state_destroy(), __xfrm_state_delete(), xfrm_state_flush(), xfrm_flush_gc() and xfrm_state_fini() functions in net/xfrm/xfrm_state.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2026/suse-su-20260352-1/