SUSE-SU-2026:0145-1 Security update for the Linux Kernel RT (Live Patch 4 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise kernel 6.4.0-150700.7.16 fixes various security issues The following security issues were fixed: - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251787. - CVE-2025-39682: tls: fix handling of zero-length records on...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000714)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000714 advisory. The sctpassociationfree function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001484)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001484 advisory. A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000930)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000930 advisory. The sctpsfdo524dupcook function in net/sctp/smstatefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during th...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001454)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001454 advisory. A race condition in Linux kernel SCTP sockets net/sctp/socket.c before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000580)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000580 advisory. The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000749)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000749 advisory. The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002227)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002227 advisory. The sctpinit function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002409)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002409 advisory. The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001941)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001941 advisory. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service memory consumption by triggering a large number of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003551)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003551 advisory. In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the sctpmakechunk function net/sctp/smmakechunk.c when handling...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002012)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002012 advisory. The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service system crash via a malformed ASCONF chunk, related to...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002018)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002018 advisory. The sctpsfdo51Dce function in net/sctp/smstatefuns.c in the Linux kernel through 3.13.6 does not validate certain authenable and authcapable fields before making an...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003359 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002929)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002929 advisory. The sctpv6createacceptsk function in net/sctp/ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002072)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002072 advisory. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service memory consumption by triggering a large number of...

kernel: Linux kernel: SCTP use-after-free due to race condition in sendmsg

A flaw was found in the Linux kernel's SCTP implementation. This vulnerability allows a use-after-free read via a race condition during SCTP message sending...

kernel: Linux kernel: SCTP use-after-free due to race condition in sendmsg

A flaw was found in the Linux kernel's SCTP implementation. This vulnerability allows a use-after-free read via a race condition during SCTP message sending...

kernel: sctp: avoid NULL dereference when chunk data buffer is missing

In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk-skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk-skb can only be NULL if chunk-headskb is not. Check for fraglist instead...

ALSA-2026:0444 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: rc: fix races with imondisconnect CVE-2025-39993 kernel: sctp: avoid NULL dereference when chunk data buffer is missing CVE-2025-40240 kernel: libceph: fix potential use-after-free...