SUSE and openSUSE Kernel Updates Address Critical Bluetooth and AppArmor Vulnerabilities

Severity: High (Score: 72.0)

Sources: Linuxsecurity

Summary

SUSE has released important updates for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.50 and the openSUSE Leap 15.4 Kernel, addressing critical security vulnerabilities. The updates fix CVE-2025-40309, a Bluetooth vulnerability that allows for a use-after-free condition, and CVE-2026-23268, which permits unprivileged local users to manage privileged AppArmor policies. These vulnerabilities affect multiple SUSE products, including openSUSE Leap 15.6 and SUSE Linux Enterprise Live Patching 15-SP6. The Bluetooth vulnerability has a CVSS score of 7.3, indicating a high severity level, while the AppArmor issue has a CVSS score of 7.0. Users are advised to apply the patches using recommended installation methods like YaST online_update or zypper patch. The updates were published on April 24, 2026, and are critical for maintaining system security against potential exploitation.

Key Points:

  • SUSE updates address critical Bluetooth and AppArmor vulnerabilities affecting multiple systems.
  • CVE-2025-40309 and CVE-2026-23268 have CVSS scores of 7.3 and 7.0, respectively.
  • Users should apply patches immediately to mitigate risks associated with these vulnerabilities.

Key Entities

  • CVE-2025-40309 (cve)
  • CVE-2026-23191 (cve)
  • CVE-2026-23268 (cve)
  • CWE-269 - Improper Privilege Management (cwe)
  • CWE-416 - Use After Free (cwe)
  • Linux (platform)
  • SUSE Linux Enterprise (platform)
  • openSUSE (company)