Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20383-1 Final 1 1 2026-01-19T15:31:55Z current 2026-01-19T15:31:55Z 2026-01-19T15:31:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0) This update for the SUSE Linux Enterprise kernel 6.4.0-35.1 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251787). - CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253437). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.1-kernel-248 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620383-1/ Link for SUSE-SU-2026:20383-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024309.html E-Mail link for SUSE-SU-2026:20383-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1251787 SUSE Bug 1251787 https://bugzilla.suse.com/1253437 SUSE Bug 1253437 https://www.suse.com/security/cve/CVE-2023-53676/ SUSE CVE CVE-2023-53676 page https://www.suse.com/security/cve/CVE-2025-40204/ SUSE CVE CVE-2025-40204 page SUSE Linux Micro 6.1 kernel-livepatch-6_4_0-35-default-4-1.1 kernel-livepatch-6_4_0-35-default-4-1.1 as a component of SUSE Linux Micro 6.1 In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checking for the buffer length. With enough iSCSI connections it's possible to overflow the buffer provided by configfs and corrupt the memory. This patch replaces sprintf() with sysfs_emit_at() that checks for buffer boundries. CVE-2023-53676 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-35-default-4-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620383-1/ https://www.suse.com/security/cve/CVE-2023-53676.html CVE-2023-53676 https://bugzilla.suse.com/1251786 SUSE Bug 1251786 https://bugzilla.suse.com/1251787 SUSE Bug 1251787 In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. CVE-2025-40204 SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-35-default-4-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620383-1/ https://www.suse.com/security/cve/CVE-2025-40204.html CVE-2025-40204 https://bugzilla.suse.com/1253436 SUSE Bug 1253436 https://bugzilla.suse.com/1253437 SUSE Bug 1253437