Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0688-1 Final 1 1 2026-02-27T15:09:04Z current 2026-02-27T15:09:04Z 2026-02-27T15:09:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2021-0920: net: split out functions related to registering inflight socket files (bsc#1193731). - CVE-2025-38177: sch_hfsc: make hfsc_qlen_notify() idempotent (bsc#1245986). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-688,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-688 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260688-1/ Link for SUSE-SU-2026:0688-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024506.html E-Mail link for SUSE-SU-2026:0688-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1193731 SUSE Bug 1193731 https://bugzilla.suse.com/1245986 SUSE Bug 1245986 https://www.suse.com/security/cve/CVE-2021-0920/ SUSE CVE CVE-2021-0920 page https://www.suse.com/security/cve/CVE-2025-38177/ SUSE CVE CVE-2025-38177 page SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-default-3.0.101-108.201.1 kernel-default-base-3.0.101-108.201.1 kernel-default-devel-3.0.101-108.201.1 kernel-docs-3.0.101-108.201.1 kernel-ec2-3.0.101-108.201.1 kernel-ec2-base-3.0.101-108.201.1 kernel-ec2-devel-3.0.101-108.201.1 kernel-source-3.0.101-108.201.1 kernel-syms-3.0.101-108.201.1 kernel-trace-3.0.101-108.201.1 kernel-trace-base-3.0.101-108.201.1 kernel-trace-devel-3.0.101-108.201.1 kernel-xen-3.0.101-108.201.1 kernel-xen-base-3.0.101-108.201.1 kernel-xen-devel-3.0.101-108.201.1 kernel-default-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-default-base-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-default-devel-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-docs-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-base-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-ec2-devel-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-source-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-syms-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-base-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-trace-devel-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-base-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE kernel-xen-devel-3.0.101-108.201.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References: Upstream kernel CVE-2021-0920 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.201.1 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260688-1/ https://www.suse.com/security/cve/CVE-2021-0920.html CVE-2021-0920 https://bugzilla.suse.com/1193731 SUSE Bug 1193731 https://bugzilla.suse.com/1194463 SUSE Bug 1194463 https://bugzilla.suse.com/1195939 SUSE Bug 1195939 https://bugzilla.suse.com/1199255 SUSE Bug 1199255 https://bugzilla.suse.com/1200084 SUSE Bug 1200084 In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() callers' life: 1. update_vf() decreases cl->cl_nactive, so we can check whether it is non-zero before calling it. 2. eltree_remove() always removes RB node cl->el_node, but we can use RB_EMPTY_NODE() + RB_CLEAR_NODE() to make it safe. CVE-2025-38177 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-base-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-default-devel-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-docs-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-base-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-ec2-devel-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-source-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-syms-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-base-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-trace-devel-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-base-3.0.101-108.201.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:kernel-xen-devel-3.0.101-108.201.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260688-1/ https://www.suse.com/security/cve/CVE-2025-38177.html CVE-2025-38177 https://bugzilla.suse.com/1237312 SUSE Bug 1237312 https://bugzilla.suse.com/1245986 SUSE Bug 1245986 https://bugzilla.suse.com/1246356 SUSE Bug 1246356 https://bugzilla.suse.com/1247374 SUSE Bug 1247374