Changeflow GovPing Data Privacy & Cybersecurity SUSE Linux Kernel Multiple Vulnerabilities Advi...
Priority review Notice Added Final

SUSE Linux Kernel Multiple Vulnerabilities Advisory

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published April 3rd, 2026
Detected April 3rd, 2026
Email

Summary

CERT-FR issued advisory CERTFR-2026-AVI-0398 alerting to 14 SUSE security bulletins covering multiple vulnerabilities in SUSE Linux kernel. Affected systems include SUSE Linux Enterprise Server, Live Patching, Real Time, and openSUSE Leap 15.6. Attackers could exploit these flaws to achieve data confidentiality breaches, data integrity compromise, security policy bypass, denial of service, and privilege escalation.

View original document View source feed page

What changed

CERT-FR published security advisory CERTFR-2026-AVI-0398 covering 14 SUSE security bulletins (SUSE-SU-2026:20840-1 through SUSE-SU-2026:1136-1) issued between March 25-27, 2026. The vulnerabilities affect 18 SUSE products including SUSE Linux Enterprise Server 11 SP4 through 15 SP7, Live Patching 15-SP6/7, Real Time 15 SP6/7, and openSUSE Leap 15.6. Exploitation risks include data confidentiality compromise, data integrity violation, security policy circumvention, denial of service, and local privilege escalation.

Organizations running affected SUSE Linux systems should immediately reference the linked SUSE security bulletins to obtain and apply the available patches. No specific compliance deadline is stated, but immediate remediation is recommended given the severity of potential impacts including data breach and privilege escalation. Failure to patch could expose systems to remote or local attacks.

What to do next

  1. Identify all SUSE Linux systems running affected versions (11 SP4 through 15 SP7, Micro, Live Patching, Real Time)
  2. Apply patches from SUSE security bulletins referenced in CERTFR-2026-AVI-0398
  3. Verify patch implementation and monitor for exploitation attempts

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 03 avril 2026 N° CERTFR-2026-AVI-0398 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans le noyau Linux de SUSE

Gestion du document

| Référence | CERTFR-2026-AVI-0398 |
| Titre | Multiples vulnérabilités dans le noyau Linux de SUSE |
| Date de la première version | 03 avril 2026 |
| Date de la dernière version | 03 avril 2026 |
| Source(s) | Bulletin de sécurité SUSE SUSE-SU-2026:20840-1 du 25 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:20841-1 du 25 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:20842-1 du 25 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:20947-1 du 25 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1100-1 du 26 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1096-1 du 27 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1099-1 du 27 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1101-1 du 27 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1102-1 du 27 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1125-1 du 27 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1130-1 du 27 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1131-1 du 27 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1132-1 du 27 mars 2026
Bulletin de sécurité SUSE SUSE-SU-2026:1136-1 du 27 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à l'intégrité des données
  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité
  • Déni de service
  • Non spécifié par l'éditeur
  • Élévation de privilèges

Systèmes affectés

  • openSUSE Leap 15.6
  • SUSE Linux Enterprise Live Patching 15-SP6
  • SUSE Linux Enterprise Live Patching 15-SP7
  • SUSE Linux Enterprise Micro 5.3
  • SUSE Linux Enterprise Micro 5.4
  • SUSE Linux Enterprise Micro For Rancher 5.3
  • SUSE Linux Enterprise Micro for Rancher 5.4
  • SUSE Linux Enterprise Real Time 15 SP6
  • SUSE Linux Enterprise Real Time 15 SP7
  • SUSE Linux Enterprise Server - bCI 16.0
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server 15 SP7
  • SUSE Linux ENterprise Server for SAP Applications 15 SP6
  • SUSE Linux Enterprise Server for SAP Applications 15 SP7
  • SUSE Linux Micro 6.2

Résumé

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 03 avril 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr Synology Mail Station Vulnerability Advisory
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Multiple Vulnerabilities in VMware Tanzu MySQL Kubernetes
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Microsoft Edge Multiple Security Vulnerabilities Advisory
Priority review Apr 03, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cssf.lu Active Supply Chain Attack Targeting Axios NPM
Urgent Apr 04, 2026 CSSF News Banking & Finance
Favicon for www.oig.dot.gov FAA High-Impact System Security Gaps in National Airspace
Priority review Apr 03, 2026 DOT OIG Reports Transportation
Favicon for www.enisa.europa.eu EU Digital Wallet Certification Scheme Public Consultation
Priority review Apr 03, 2026 ENISA News Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
April 3rd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0398

Who this affects

Applies to
Technology companies Government agencies
Industry sector
5112 Software & Technology
Activity scope
Vulnerability Management System Patching Kernel Security
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Network Security

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 266 Consumer & Competition 1 Consumer Protection 43 Courts & Legal 358 Data Privacy & Cybersecurity 74 Defense & National Security 52 Education 20 Energy 101 Environment 85 Government & Legislation 274 Healthcare 135 Housing 16 Immigration 9 Insurance 58 Labor & Employment 113 Legal & Courts 1 medical-board 1 Pharma & Drug Safety 103 Securities & Markets 104 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.