{"affected":[{"ecosystem_specific":{"binaries":[{"kernel-default":"5.3.18-150300.59.238.1","kernel-default-base":"5.3.18-150300.59.238.1.150300.18.142.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.2","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.3.18-150300.59.238.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"5.3.18-150300.59.238.1","kernel-default-base":"5.3.18-150300.59.238.1.150300.18.142.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.2","name":"kernel-default-base","purl":"pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.3.18-150300.59.238.1.150300.18.142.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThe SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255163).\n- CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (bsc#1255049).\n- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).\n- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).\n- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).\n- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\n  (bsc#1256645).\n- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).\n- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).\n- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).\n- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).\n- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).\n- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).\n\nThe following non security issues were fixed:\n\n- apparmor: fix differential encoding verification (bsc#1258849).\n- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).\n- apparmor: fix memory leak in verify_header (bsc#1258849).\n- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).\n- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).\n- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).\n- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).\n- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).\n- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).\n","id":"SUSE-SU-2026:0928-1","modified":"2026-03-18T13:32:23Z","published":"2026-03-18T13:32:23Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260928-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238917"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246166"},{"type":"REPORT","url":"https://bugzilla.suse.com/1247177"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255049"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255163"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255401"},{"type":"REPORT","url":"https://bugzilla.suse.com/1256645"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257231"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257735"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257749"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257790"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258340"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258395"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258849"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-53794"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-53827"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-21738"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38224"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-38375"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-68285"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-71066"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23004"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23060"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23074"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23089"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23191"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-23204"}],"related":["CVE-2023-53794","CVE-2023-53827","CVE-2025-21738","CVE-2025-38224","CVE-2025-38375","CVE-2025-68285","CVE-2025-71066","CVE-2026-23004","CVE-2026-23060","CVE-2026-23074","CVE-2026-23089","CVE-2026-23191","CVE-2026-23204"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2023-53794","CVE-2023-53827","CVE-2025-21738","CVE-2025-38224","CVE-2025-38375","CVE-2025-68285","CVE-2025-71066","CVE-2026-23004","CVE-2026-23060","CVE-2026-23074","CVE-2026-23089","CVE-2026-23191","CVE-2026-23204"]}