SUSE Linux Kernel Multiple Vulnerabilities

Last Update Date: 27 May 2026 Release Date: 6 May 2026 5062 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Linux

TYPE: Linux

Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, security restriction bypass, sensitive information disclosure,  remote code execution and data manipulation on the targeted system.

 

Note: 

CVE-2026-31431 is being exploited in the wild. Copy Fail (CVE-2026-31431) is a logic bug in the Linux kernel's authencesn cryptographic template. It lets an unprivileged local user trigger a deterministic, controlled 4-byte write into the page cache of any readable file on the system. A single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017.

 

CVE-2026-43284 and CVE-2026-43500 (commonly known as "Dirty Frag") are being scattered exploited. If exploited, these vulnerability could allow a local user with low privileges to gain elevated system (root) permissions.

 

Proof of Concept exploit code is publicly available for CVE-2026-46333. This vulnerability is a Linux kernel race condition during process exit that allows a local unprivileged user to read root-only sensitive files. If exploited, it may disclose data such as SSH host private keys or /etc/shadow contents.

 

[Updated on 2026-05-08]

Updated Description, System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.

 

[Updated on 2026-05-12]

Updated Description, System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.

 

[Updated on 2026-05-18]

Updated Solutions and Related Links.

 

[Updated on 2026-05-22]

Updated Description, System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.

 

[Updated on 2026-05-26]

Updated Solutions and Related Links.

 

[Updated on 2026-05-27]

Updated Solutions, Vulnerability Identifier and Related Links.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Elevation of Privilege
  • Data Manipulation
  • Information Disclosure

System / Technologies affected

  • Basesystem Module 15-SP7
  • Development Tools Module 15-SP7
  • Legacy Module 15-SP7
  • Public Cloud Module 15-SP7
  • SUSE Linux Enterprise Desktop 15 SP7
  • SUSE Linux Enterprise High Availability Extension 15 SP4
  • SUSE Linux Enterprise High Availability Extension 15 SP6
  • SUSE Linux Enterprise High Availability Extension 15 SP7
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  • SUSE Linux Enterprise Live Patching 12-SP5
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Live Patching 15-SP5
  • SUSE Linux Enterprise Live Patching 15-SP6
  • SUSE Linux Enterprise Live Patching 15-SP7
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro 5.5
  • SUSE Linux Enterprise Micro for Rancher 5.2
  • SUSE Linux Enterprise Micro for Rancher 5.3
  • SUSE Linux Enterprise Micro for Rancher 5.4
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Real Time 15 SP7
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server 12 SP5 LTSS
  • SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server 15 SP4 LTSS
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP5 LTSS
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server 15 SP6 LTSS
  • SUSE Linux Enterprise Server 15 SP7
  • SUSE Linux Enterprise Server 16.0
  • SUSE Linux Enterprise Server High Availability Extension 16.0
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP7
  • SUSE Linux Enterprise Server for SAP applications 16.0
  • SUSE Linux Enterprise Workstation Extension 15 SP7
  • SUSE Linux Micro 6.0
  • SUSE Linux Micro 6.1
  • SUSE Linux Micro 6.2
  • SUSE Linux Micro Extras 6.0
  • SUSE Linux Micro Extras 6.1
  • SUSE Linux Micro Extras 6.2
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3
  • SUSE Real Time Module 15-SP7
  • openSUSE Leap 15.3
  • openSUSE Leap 15.4
  • openSUSE Leap 15.5
  • openSUSE Leap 15.6

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

Related Tags

SUSELinuxDenial of ServiceElevation of PrivilegeSecurity Restriction BypassRemote Code ExecutionInformation DisclosureExploit In The WildScattered ExploitProof of Concept

Share with

Previous

Nginx Remote Code Execution Vulnerability

27 May 2026 5076 Views

Next

Ubuntu Linux Kernel Multiple Vulnerabilities

11 May 2026 8439 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY