Changeflow GovPing Data Privacy & Cybersecurity CERT-FR Advisory: Multiple SUSE Linux Kernel Vu...
Priority review Guidance Added Final

CERT-FR Advisory: Multiple SUSE Linux Kernel Vulnerabilities

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published
Detected
Email

Summary

CERT-FR published advisory CERTFR-2026-AVI-0497 on 24 April 2026 alerting to multiple vulnerabilities discovered in SUSE Linux Kernel. The vulnerabilities enable attackers to achieve privilege escalation, data confidentiality breach, security policy bypass, and denial of service. Thirty-seven SUSE security bulletins (SUSE-SU-2026 series) from 13–23 April 2026 form the source, affecting over 50 SUSE product lines including SUSE Linux Enterprise Server, Live Patching, Real Time, Micro, and SUSE Manager products. Affected organisations should obtain patches from SUSE via the referenced security bulletins.

“De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE.”

CERT-FR , verbatim from source
Published by CERT-FR on cert.ssi.gouv.fr . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

CERT-FR is the French government's national cybersecurity incident response team, run by the ANSSI. Their advisory feed publishes vulnerability disclosures, active exploitation warnings, and emergency patching guidance for software in widespread enterprise use: browsers, hypervisors, ERP systems, network equipment, file transfer products. Around 180 advisories a month. The advisories are written in French but cover the same vulnerability universe as CISA, NCSC-UK, BSI's CERT-Bund, and JPCERT, often hours earlier on European-headquartered vendors. Watch this if you patch enterprise software, run a SOC, write detection content, or track Schneider, Dassault, OVH, Atos, or any French-vendor advisory faster than English-language sources will surface it. GovPing publishes each advisory with the affected vendor, severity, and CERT-FR link.

View original document View source feed page

What changed

CERT-FR issued advisory CERTFR-2026-AVI-0497 documenting multiple kernel-level vulnerabilities in SUSE Linux products. The vulnerabilities carry risks including data confidentiality breach, security policy bypass, denial of service, and privilege elevation. Patches are available via SUSE security bulletins SUSE-SU-2026:XXXXX-1 series (37 bulletins referenced, dated 13–23 April 2026).

Organisations running affected SUSE products—spanning SUSE Linux Enterprise Server, High Performance Computing, Live Patching, Real Time, Micro, and Manager product lines—should review the SUSE security bulletins and apply available patches promptly. No specific compliance deadlines or penalties are stated in the advisory.

Archived snapshot

Apr 24, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 24 avril 2026 N° CERTFR-2026-AVI-0497 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans le noyau Linux de SUSE

Gestion du document

| Référence | CERTFR-2026-AVI-0497 |
| Titre | Multiples vulnérabilités dans le noyau Linux de SUSE |
| Date de la première version | 24 avril 2026 |
| Date de la dernière version | 24 avril 2026 |
| Source(s) | Bulletin de sécurité SUSE SUSE-SU-2026:21114-1 du 13 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21120-1 du 13 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21122-1 du 13 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21123-1 du 13 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21129-1 du 13 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21131-1 du 13 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21221-1 du 13 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1444-1 du 17 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21255-1 du 17 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1447-1 du 18 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1454-1 du 18 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1456-1 du 19 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1458-1 du 19 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1463-1 du 20 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1464-1 du 20 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1468-1 du 20 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1469-1 du 20 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21230-1 du 20 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:21237-1 du 20 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1505-1 du 21 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1513-1 du 21 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1527-1 du 21 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1531-1 du 21 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1532-1 du 21 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1535-1 du 21 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1537-1 du 21 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1557-1 du 22 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1560-1 du 23 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1563-1 du 23 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1573-1 du 23 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1574-1 du 23 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1575-1 du 23 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1578-1 du 23 avril 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1583-1 du 23 avril 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité
  • Déni de service
  • Non spécifié par l'éditeur
  • Élévation de privilèges

Systèmes affectés

  • openSUSE Leap 15.4
  • openSUSE Leap 15.5
  • openSUSE Leap 15.6
  • SUSE Linux Enterprise High Availability Extension 15 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
  • SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
  • SUSE Linux Enterprise Live Patching 12-SP5
  • SUSE Linux Enterprise Live Patching 15-SP4
  • SUSE Linux Enterprise Live Patching 15-SP5
  • SUSE Linux Enterprise Live Patching 15-SP6
  • SUSE Linux Enterprise Live Patching 15-SP7
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro 5.5
  • SUSE Linux Enterprise Micro for Rancher 5.2
  • SUSE Linux Enterprise Micro for Rancher 5.3
  • SUSE Linux Enterprise Micro for Rancher 5.4
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Real Time 15 SP7
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server 15 SP4 LTSS
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server 15 SP7
  • SUSE Linux Enterprise Server 16.0
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP7
  • SUSE Linux Enterprise Server for SAP applications 16.0
  • SUSE Linux Micro 6.0
  • SUSE Linux Micro 6.1
  • SUSE Linux Micro 6.2
  • SUSE Linux Micro Extras 6.0
  • SUSE Linux Micro Extras 6.1
  • SUSE Linux Micro Extras 6.2
  • SUSE Manager Proxy 4.3
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.3
  • SUSE Real Time Module 15-SP7

Résumé

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 24 avril 2026 Version initiale

Parties

SUSE

Related changes

Favicon for www.cert.ssi.gouv.fr Multiple Ubuntu Linux Kernel Vulnerabilities Including Privilege Escalation Risk
Priority review Apr 24, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in Spring Boot, 8 CVEs Identified
Urgent Apr 24, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in Red Hat Linux Kernel Affecting Enterprise Products
Priority review Apr 24, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity

Get daily alerts for CERT-FR Security Advisories

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
CERT-FR
Published
April 24th, 2026
Instrument
Guidance
Branch
Executive
Source language
fr
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies Government agencies Healthcare providers
Industry sector
5112 Software & Technology
Activity scope
Vulnerability management Patch management Server administration
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Intellectual Property

Browse Categories

Agriculture & Food Safety 84 AI Regulation 3 Banking & Finance 499 Consumer Protection 141 Courts & Legal 635 Data Privacy & Cybersecurity 150 Defense & National Security 52 Education 64 Energy 138 Environment 170 Gaming 2 Government & Legislation 522 Healthcare 15 Healthcare & Life Sciences 401 Immigration 11 Insurance 90 Labor & Employment 193 Pharma & Drug Safety 21 Professional Licensing 6 Real Estate & Housing 76 Securities & Markets 175 Tax 116 Telecom & Technology 56 Trade & Sanctions 169 Transportation 129

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!