Back

SUSE Linux Micro Kernel Security Updates Address Multiple Vulnerabilities

Severity: High (Score: 74.0)

Sources: Linuxsecurity

Published: 2026-06-02 · Updated: 2026-06-02

Keywords: security, issues, suse, kernel, linux, enterprise, update

Severity indicators: issue, security issue

Summary

SUSE has released critical security updates for its Linux Micro Kernel, addressing multiple vulnerabilities including CVE-2025-54518, CVE-2026-23243, and CVE-2026-46300. These vulnerabilities affect various SUSE Linux Enterprise Kernel versions and could lead to local root exploits and data leaks. The updates were prompted by the discovery of several critical flaws, with CVE-2025-54518 being particularly severe, rated at 7.3 CVSS. The patches are available for immediate deployment through standard SUSE update methods. Security professionals are advised to prioritize these updates to mitigate potential exploitation risks. The vulnerabilities were disclosed between March and May 2026, with some having public proof-of-concept (PoC) exploits available. Affected systems include SUSE Linux Micro 6.0 and various kernel versions. Key Points: • SUSE released updates for critical vulnerabilities in Linux Micro Kernel. • CVE-2025-54518 poses a significant risk with a CVSS score of 7.3. • Immediate patching is recommended to prevent potential local root exploits.

Detailed Analysis

**Impact** SUSE Linux Micro and Enterprise users across multiple versions (Micro 6.0, 6.1, Enterprise 15 SP5/SP7, and 16.0) are affected by vulnerabilities impacting kernel and CPU microcode components. The vulnerabilities include local root exploits and CPU data leaks, potentially exposing sensitive data and enabling privilege escalation. The affected sectors include any organizations relying on SUSE Linux for critical infrastructure, with no geographic limitations specified. The scope includes both general-purpose and real-time (RT) kernels, impacting operational stability and security. **Technical Details** Exploited vulnerabilities include CVE-2025-35979 (Intel CPU microcode data leak), CVE-2025-54518 (AMD CPU OP cache corruption), CVE-2026-23243 (RDMA negative data length rejection), CVE-2026-23274 (netfilter timer label reuse), CVE-2026-46300 (FragNesia local root exploit), and CVE-2026-46333 (ptrace dumpable logic). Attack vectors involve local privilege escalation through kernel exploits and CPU microcode flaws. The kill chain stages affected are primarily privilege escalation and post-exploitation. No specific malware or external infrastructure indicators of compromise (IOCs) were reported. **Recommended Response** Apply the SUSE Linux Enterprise Kernel updates for versions 6.0, 6.1, 15 SP5/SP7, and 16.0 immediately, including microcode updates for Intel processors. Use SUSE’s recommended patching tools such as YaST online_update or "zypper patch" to ensure all kernel and microcode fixes are applied. Monitor for unusual local privilege escalation attempts and kernel anomalies related to ptrace and netfilter components. No additional IOCs or detection signatures were provided; maintain vigilance on kernel-level exploit attempts.

Source articles (30)

  • SUSE Linux Enterprise 16.0 Security Update Kernel Important 2026-21860 — Linuxsecurity · 2026-06-01
    ## The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603). * CVE-2024-1402…
  • SUSE Kernel Security Update Important Fixing 206 Issues 2026-21845 — Linuxsecurity · 2026-06-01
    ## The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603). * CVE-2024-1402…
  • SUSE Linux Enterprise 15 SP7 Kernel Major Security Update 2026-2217 — Linuxsecurity · 2026-06-02
    ## The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: * CVE-2023-20585: x86/CPU: Fix FPDSS on Zen1 (bsc#1243603). * CVE-202…
  • openSUSE Kernel Important Security Update 2026-2216 — Linuxsecurity · 2026-06-02
    ## The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues The following security issues were fixed: * CVE-2022-49979: net: fix refcount bug in sk_psock_get (bsc#1245109)…
  • openSUSE Kernel Significant Security Updates Notice 2026-2215 — Linuxsecurity · 2026-06-02
    ## The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: * CVE-2022-49979: net: fix refcount bug in sk_psock_get (bsc#1245109). *…
  • SUSE Linux Micro 6.0 Important Kernel RT Security Update 2026-21910 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Kernel RT Important Security Update for 5 Issues — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Kernel RT Important Patch for Local Exploits Vulnerabilities — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Micro 6.0 Kernel RT Important Local Root Exploit Advisory 2026-21906 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Kernel RT Important Security Update 2026-21905 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-37.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Kernel RT Important Security Fix SUSE-SU-2026-21904 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro Kernel RT Important Security Patch 2026-21903 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Kernel RT Important Security Advisory 2026-21902 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Important Kernel RT Security Update 2026-21901 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-33.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Important Kernel RT Patch CVE-2025 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE 2026 Microcode-Intel Security Issue Fix SUSE-SU-2026-21897 — Linuxsecurity · 2026-06-02
    ## This update for ucode-intel fixes the following issues Security issue: * CVE-2025-35979: data leaks fixed in 20260512 release (bsc#1265189). Non security issues: * TW 20250826 Kernel 6.16.3 tainted…
  • SUSE Linux Micro 6.0 Kernel Critical Security Update SUSE-SU-2026-21896 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Kernel Important Local Root Exploit Vuln 2026-21894 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro Kernel Important Patch for Local Root Exploit 2026-21893 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Kernel Important Security Update 2026-21892 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Kernel Important Security Update SUSE-SU-2026-21891 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Micro 6.0 Kernel Important Local Root Exploit Vuln 2026-21890 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Kernel Important Security Update 2026-21889 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-32.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Linux Micro 6.0 Important Kernel Patch Exploits 2026-21888 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…
  • SUSE Micro 6.0 Kernel Important Six Fixes Root Exploit 2026-21887 — Linuxsecurity · 2026-06-02
    ## This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues The following security issues were fixed: * CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#12640…

Timeline

  • 2023-04-14 — CVE-2023-2058 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2025-06-18 — CVE-2022-49979 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2025-11-12 — CVE-2025-40181 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2025-12-16 — CVE-2025-68265 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2025-12-16 — CVE-2025-68310 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-01-31 — CVE-2025-71183 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-02-14 — CVE-2026-23168 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-03-09 — CVE-2024-14027 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-03-10 — CVE-2026-23240 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-03-10 — CVE-2026-23239 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.

CVEs

  • CVE-2022-49979
  • CVE-2023-2058
  • CVE-2023-20585
  • CVE-2024-14027
  • CVE-2025-35979
  • CVE-2025-40181
  • CVE-2025-54518
  • CVE-2025-68265
  • CVE-2025-68310
  • CVE-2025-71183
  • CVE-2025-71302
  • CVE-2026-23168
  • CVE-2026-23239
  • CVE-2026-23240
  • CVE-2026-23243
  • CVE-2026-23245
  • CVE-2026-23262
  • CVE-2026-23271
  • CVE-2026-23274
  • CVE-2026-23317
  • CVE-2026-23351
  • CVE-2026-23393
  • CVE-2026-23449
  • CVE-2026-46300
  • CVE-2026-46333

Related entities

  • Data Breach (Attack Type)
  • Zero-day Exploit (Attack Type)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • CWE-269 - Improper Privilege Management (Cwe)
  • Cwe-362 - Race Condition (Cwe)
  • Cwe-415 - Double Free (Cwe)
  • T1068 - Exploitation for Privilege Escalation (Mitre Attack)
  • Linux (Platform)
  • SUSE Linux Enterprise (Platform)
  • SUSE Linux Enterprise 15 SP7 (Platform)
  • SUSE Linux Enterprise Kernel (Platform)
  • SUSE Linux Enterprise Kernel 6.4.0-33.1 (Platform)
  • SUSE Linux Enterprise Kernel 6.4.0-35.1 (Platform)
  • SUSE Linux Enterprise Kernel 6.4.0-36.1 (Platform)
  • SUSE Linux Enterprise Micro (Platform)
  • SUSE Linux Micro (Platform)
  • Amd-sn-7052 (Vulnerability)
  • Fragnesia (Vulnerability)
  • FragNesia Attack (Vulnerability)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed