Critical Vulnerabilities in BusyBox Affecting openSUSE Systems

Critical Vulnerabilities in BusyBox Affecting openSUSE Systems

First seen 12 Mar 2026, 14:52 UTC Linuxsecurity 92% similarity 72.0

Article Content

Browse articles
ThreatCluster

A security update for BusyBox addresses multiple vulnerabilities, including CVE-2023-42363, CVE-2023-42364, CVE-2023-42365, CVE-2025-46394, CVE-2025-60876, CVE-2026-26157, and CVE-2026-26158. These vulnerabilities include use-after-free issues and arbitrary file overwrite risks, impacting systems running openSUSE Leap 15.4 and SUSE Linux Enterprise Server 15 SP4. The vulnerabilities could lead to code execution, privilege escalation, and data exposure. Users are advised to apply the patches using recommended installation methods like YaST or zypper. The vulnerabilities were published between 2021 and 2026, with the most recent ones disclosed in February 2026. The update is crucial for maintaining system integrity and security against potential exploitation.

Key Points: • Multiple critical vulnerabilities in BusyBox require immediate patching. • Arbitrary file overwrite and privilege escalation risks are present in the latest CVEs. • Affected systems include openSUSE Leap 15.4 and SUSE Linux Enterprise Server 15 SP4.

ThreatCluster AI

Timeline

2021-11-15
CVE-2021-42380 published
2023-11-27
CVE-2023-42363, CVE-2023-42364, CVE-2023-42365 published
2025-04-23
CVE-2025-46394 published
2025-11-10
CVE-2025-60876 published
2026-02-11
CVE-2026-26157, CVE-2026-26158 published
2026-03-12
Security update for BusyBox released

Community

Browse all →