{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel (Live Patch 64 for SUSE Linux Enterprise 12 SP5)","title":"Title of the patch"},{"category":"description","text":"\nThis update for the SUSE Linux Enterprise kernel 4.12.14-122.244 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250314).\n- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1249205).\n- CVE-2025-40186: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request() (bsc#1253439).\n\nThe following non security issue was fixed:\n\n- bsc#1250280: don't expose {file,inode}_operations with static lifetimes Fix issue with static lifetime empty_iops/no_open_fops by allocating them on the heap. Make sure previously assigned instances don't become dangling. (bsc#1250280).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2026-518,SUSE-SLE-Live-Patching-12-SP5-2026-518","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0518-1.json"},{"category":"self","summary":"URL for SUSE-SU-2026:0518-1","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260518-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2026:0518-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2026-February/024257.html"},{"category":"self","summary":"SUSE Bug 1249205","url":"https://bugzilla.suse.com/1249205"},{"category":"self","summary":"SUSE Bug 1250280","url":"https://bugzilla.suse.com/1250280"},{"category":"self","summary":"SUSE Bug 1250314","url":"https://bugzilla.suse.com/1250314"},{"category":"self","summary":"SUSE Bug 1253439","url":"https://bugzilla.suse.com/1253439"},{"category":"self","summary":"SUSE CVE CVE-2023-53321 page","url":"https://www.suse.com/security/cve/CVE-2023-53321/"},{"category":"self","summary":"SUSE CVE CVE-2025-38352 page","url":"https://www.suse.com/security/cve/CVE-2025-38352/"},{"category":"self","summary":"SUSE CVE CVE-2025-40186 page","url":"https://www.suse.com/security/cve/CVE-2025-40186/"}],"title":"Security update for the Linux Kernel (Live Patch 64 for SUSE Linux Enterprise 12 SP5)","tracking":{"current_release_date":"2026-02-14T09:03:51Z","generator":{"date":"2026-02-14T09:03:51Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2026:0518-1","initial_release_date":"2026-02-14T09:03:51Z","revision_history":[{"date":"2026-02-14T09:03:51Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","product":{"name":"kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","product_id":"kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","product":{"name":"kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","product_id":"kgraft-patch-4_12_14-122_244-default-15-2.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64","product":{"name":"kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64","product_id":"kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 12 SP5","product":{"name":"SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-live-patching:12:sp5"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le"},"product_reference":"kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_244-default-15-2.1.s390x as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x"},"product_reference":"kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"},{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP5","product_id":"SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"},"product_reference":"kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP5"}]},"vulnerabilities":[{"cve":"CVE-2023-53321","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-53321"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211_hwsim: drop short frames\n\nWhile technically some control frames like ACK are shorter and\nend after Address 1, such frames shouldn't be forwarded through\nwmediumd or similar userspace, so require the full 3-address\nheader to avoid accessing invalid memory if shorter frames are\npassed in.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2023-53321","url":"https://www.suse.com/security/cve/CVE-2023-53321"},{"category":"external","summary":"SUSE Bug 1250313 for CVE-2023-53321","url":"https://bugzilla.suse.com/1250313"},{"category":"external","summary":"SUSE Bug 1250314 for CVE-2023-53321","url":"https://bugzilla.suse.com/1250314"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-02-14T09:03:51Z","details":"important"}],"title":"CVE-2023-53321"},{"cve":"CVE-2025-38352","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-38352"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won't be\nable to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk->exit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail\nanyway in this case.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-38352","url":"https://www.suse.com/security/cve/CVE-2025-38352"},{"category":"external","summary":"SUSE Bug 1246911 for CVE-2025-38352","url":"https://bugzilla.suse.com/1246911"},{"category":"external","summary":"SUSE Bug 1249205 for CVE-2025-38352","url":"https://bugzilla.suse.com/1249205"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-02-14T09:03:51Z","details":"important"}],"title":"CVE-2025-38352"},{"cve":"CVE-2025-40186","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2025-40186"}],"notes":[{"category":"general","text":"In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().\n\nsyzbot reported the splat below in tcp_conn_request(). [0]\n\nIf a listener is close()d while a TFO socket is being processed in\ntcp_conn_request(), inet_csk_reqsk_queue_add() does not set reqsk->sk\nand calls inet_child_forget(), which calls tcp_disconnect() for the\nTFO socket.\n\nAfter the cited commit, tcp_disconnect() calls reqsk_fastopen_remove(),\nwhere reqsk_put() is called due to !reqsk->sk.\n\nThen, reqsk_fastopen_remove() in tcp_conn_request() decrements the\nlast req->rsk_refcnt and frees reqsk, and __reqsk_free() at the\ndrop_and_free label causes the refcount underflow for the listener\nand double-free of the reqsk.\n\nLet's remove reqsk_fastopen_remove() in tcp_conn_request().\n\nNote that other callers make sure tp->fastopen_rsk is not NULL.\n\n[0]:\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 12 PID: 5563 at lib/refcount.c:28 refcount_warn_saturate (lib/refcount.c:28)\nModules linked in:\nCPU: 12 UID: 0 PID: 5563 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025\nRIP: 0010:refcount_warn_saturate (lib/refcount.c:28)\nCode: ab e8 8e b4 98 ff 0f 0b c3 cc cc cc cc cc 80 3d a4 e4 d6 01 00 75 9c c6 05 9b e4 d6 01 01 48 c7 c7 e8 df fb ab e8 6a b4 98 ff <0f> 0b e9 03 5b 76 00 cc 80 3d 7d e4 d6 01 00 0f 85 74 ff ff ff c6\nRSP: 0018:ffffa79fc0304a98 EFLAGS: 00010246\nRAX: d83af4db1c6b3900 RBX: ffff9f65c7a69020 RCX: d83af4db1c6b3900\nRDX: 0000000000000000 RSI: 00000000ffff7fff RDI: ffffffffac78a280\nRBP: 000000009d781b60 R08: 0000000000007fff R09: ffffffffac6ca280\nR10: 0000000000017ffd R11: 0000000000000004 R12: ffff9f65c7b4f100\nR13: ffff9f65c7d23c00 R14: ffff9f65c7d26000 R15: ffff9f65c7a64ef8\nFS:  00007f9f962176c0(0000) GS:ffff9f65fcf00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000200000000180 CR3: 000000000dbbe006 CR4: 0000000000372ef0\nCall Trace:\n <IRQ>\n tcp_conn_request (./include/linux/refcount.h:400 ./include/linux/refcount.h:432 ./include/linux/refcount.h:450 ./include/net/sock.h:1965 ./include/net/request_sock.h:131 net/ipv4/tcp_input.c:7301)\n tcp_rcv_state_process (net/ipv4/tcp_input.c:6708)\n tcp_v6_do_rcv (net/ipv6/tcp_ipv6.c:1670)\n tcp_v6_rcv (net/ipv6/tcp_ipv6.c:1906)\n ip6_protocol_deliver_rcu (net/ipv6/ip6_input.c:438)\n ip6_input (net/ipv6/ip6_input.c:500)\n ipv6_rcv (net/ipv6/ip6_input.c:311)\n __netif_receive_skb (net/core/dev.c:6104)\n process_backlog (net/core/dev.c:6456)\n __napi_poll (net/core/dev.c:7506)\n net_rx_action (net/core/dev.c:7569 net/core/dev.c:7696)\n handle_softirqs (kernel/softirq.c:579)\n do_softirq (kernel/softirq.c:480)\n </IRQ>","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2025-40186","url":"https://www.suse.com/security/cve/CVE-2025-40186"},{"category":"external","summary":"SUSE Bug 1253438 for CVE-2025-40186","url":"https://bugzilla.suse.com/1253438"},{"category":"external","summary":"SUSE Bug 1253439 for CVE-2025-40186","url":"https://bugzilla.suse.com/1253439"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.ppc64le","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.s390x","SUSE Linux Enterprise Live Patching 12 SP5:kgraft-patch-4_12_14-122_244-default-15-2.1.x86_64"]}],"threats":[{"category":"impact","date":"2026-02-14T09:03:51Z","details":"important"}],"title":"CVE-2025-40186"}]}