SB20260216171 - SUSE update for the Linux Kernel (Live Patch 0 for SUSE Linux Enterprise 15 SP7)
Published: February 16, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2025-38111)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __mdiobus_read() and __mdiobus_write() functions in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
2) Race condition (CVE-ID: CVE-2025-38352)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the run_posix_cpu_timers() function in kernel/time/posix-cpu-timers.c. A local user can escalate privileges on the system.
Note, the vulnerability is being actively exploited in the wild against Android devices.
3) Division by zero (CVE-ID: CVE-2025-39742)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the find_hw_thread_mask() function in drivers/infiniband/hw/hfi1/affinity.c. A local user can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2025-40129)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the svcauth_gss_verify_header() function in net/sunrpc/auth_gss/svcauth_gss.c. A local user can perform a denial of service (DoS) attack.
5) Use-after-free (CVE-ID: CVE-2025-40186)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_conn_request() function in net/ipv4/tcp_input.c. A local user can escalate privileges on the system.
Remediation
Install update from vendor's website.