Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 48 |
CVE-ID | CVE-2021-26341 CVE-2021-33061 CVE-2021-4204 CVE-2021-44879 CVE-2021-45402 CVE-2022-0264 CVE-2022-0494 CVE-2022-0617 CVE-2022-1012 CVE-2022-1016 CVE-2022-1184 CVE-2022-1198 CVE-2022-1205 CVE-2022-1508 CVE-2022-1651 CVE-2022-1652 CVE-2022-1671 CVE-2022-1679 CVE-2022-1729 CVE-2022-1734 CVE-2022-1789 CVE-2022-1852 CVE-2022-1966 CVE-2022-1972 CVE-2022-1974 CVE-2022-1998 CVE-2022-20132 CVE-2022-20154 CVE-2022-21123 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21180 CVE-2022-21499 CVE-2022-2318 CVE-2022-23222 CVE-2022-26365 CVE-2022-26490 CVE-2022-29582 CVE-2022-29900 CVE-2022-29901 CVE-2022-30594 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742 CVE-2022-33743 CVE-2022-33981 CVE-2022-34918 |
CWE-ID | CWE-668 CWE-20 CWE-125 CWE-476 CWE-755 CWE-200 CWE-401 CWE-416 CWE-362 CWE-787 CWE-264 CWE-459 CWE-284 CWE-119 CWE-1037 CWE-276 CWE-399 CWE-843 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #23 is available. Public exploit code for vulnerability #24 is available. Public exploit code for vulnerability #36 is available. Vulnerability #48 is being exploited in the wild. |
Vulnerable software |
Operating systems & Components / Operating system: SUSE Linux Enterprise Module for Public Cloud, SUSE Manager Retail Branch Server, SUSE Manager Server, SUSE Manager Proxy, SUSE Linux Enterprise Server, openSUSE Leap, SUSE Linux Enterprise Server for SAP Applications, SUSE Linux Enterprise High Performance Computing
Operating systems & Components / Operating system package or component: kernel-source-azure, kernel-devel-azure, reiserfs-kmp-azure-debuginfo, reiserfs-kmp-azure, ocfs2-kmp-azure-debuginfo, ocfs2-kmp-azure, kselftests-kmp-azure-debuginfo, kselftests-kmp-azure, kernel-syms-azure, kernel-azure-optional-debuginfo, kernel-azure-optional, kernel-azure-livepatch-devel, kernel-azure-extra-debuginfo, kernel-azure-extra, kernel-azure-devel-debuginfo, kernel-azure-devel, kernel-azure-debugsource, kernel-azure-debuginfo, kernel-azure, gfs2-kmp-azure-debuginfo, gfs2-kmp-azure, dlm-kmp-azure-debuginfo, dlm-kmp-azure, cluster-md-kmp-azure-debuginfo, cluster-md-kmp-azure |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 48 vulnerabilities.
EUVDB-ID: #VU61565
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-26341
CWE-ID:
CWE-668 - Exposure of resource to wrong sphere
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because some AMD CPUs may transiently execute beyond unconditional direct branches. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU60490
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-33061
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient control flow management. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86247
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2021-4204
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition in Linux kernel eBPF. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU62483
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-44879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the gc_data_segment() function in fs/f2fs/gc.c. A local user can mount a specially crafted f2fs image, trigger a NULL pointer dereference and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63567
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-45402
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because the check_alu_op() function in kernel/bpf/verifier.c does not properly update bounds while handling the mov32 instruction. A local user can obtain potentially sensitive address information.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63570
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0264
CWE-ID:
CWE-755 - Improper Handling of Exceptional Conditions
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists in the Linux kernel's eBPF verifier when handling internal data structures. A local user can leak internal kernel memory details.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64259
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0494
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61210
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-0617
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64079
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-1012
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient randomization in net/ipv4/tcp.c when calculating port offsets in the Linux kernel, caused by a small table perturb size. A remote attacker can cause a memory leak and gain access to sensitive information.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62028
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1016
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64438
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1184
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the fs/ext4/namei.c:dx_insert_block() function in the Linux kernel's filesystem sub-component. A local user can trigger a use-after-free error and perform a denial of service attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63431
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1198
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in drivers/net/hamradio/6pack.c. A local user can perform a denial of service (DoS) attack by simulating Amateur Radio.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63433
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1205
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference and use-after-free errors in net/ax25/ax25_timer.c. A local user can simulate Amateur Radio and perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU90364
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1508
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a local user to access sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the io_read() and iov_iter_reexpand() functions in fs/io_uring.c. A local user can access sensitive information or perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1651
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a memory leak in the acrn_dev_ioctl() function in drivers/virt/acrn/hsm.c in the Linux kernel, in how the ACRN Device Model emulates virtual NICs in a VM. A local privileged user can leak unauthorized kernel information, causing a denial of service.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64434
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1652
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the bad_flp_intr() function. A local user can execute a specially crafted program to cause a denial of service condition on the system or escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64077
Risk: Low
CVSSv4.0: 4.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1671
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. A local user can crash the system or leak internal kernel information.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64861
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1679
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath9k_htc_wait_for_target() function in the Linux kernel’s Atheros wireless adapter driver. A local user can execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64156
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1729
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within sys_perf_event_open() in the Linux kernel. A local user can exploit the race to gain unauthorized access to sensitive information and escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64082
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1734
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the Marvell NFC device driver implementation in the Linux kernel does not properly perform memory cleanup operations in some situations. A local user can trigger a use-after-free to escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64261
Risk: Low
CVSSv4.0: 2.2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1789
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference in kvm_mmu_invpcid_gva. A local attacker can trigger the vulnerability to perform a denial of service (DoS) attack.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64262
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1852
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s KVM module. A local user can perform a denial of service (DoS) attack via x86_emulate_insn in arch/x86/kvm/emulate.c.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64070
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-1966
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can trigger a use-after-free error to escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU64073
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-1972
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input in the Linux kernel's netfilter subsystem. A local user can trigger an out-of-bounds write to escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU64263
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1974
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local privileged user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel's NFC core functionality, caused by a race condition between kobject creation and deletion. A local attacker with CAP_NET_ADMIN privilege can leak kernel information and escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU69338
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-1998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the copy_event_to_user() function in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64136
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20132
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the USB HID component in the Linux kernel. A local user can trigger the vulnerability to gain access to potentially sensitive information.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64207
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-20154
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an unspecified error in the Linux kernel. A local user can bypass security restrictions and escalate privileges on the system.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64364
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21123
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64365
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21125
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64376
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21127
CWE-ID:
CWE-459 - Incomplete cleanup
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information on the system.
The vulnerability exists due to incomplete cleanup in specific special register read operations. A local user can enable information disclosure.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64366
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21166
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64377
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21180
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in Memory Mapped I/O (MMIO) for some 14nm Client/Xeon E3 Intel® Processors. A local user can pass specially crafted input and perform a denial of service (DoS) attack in certain virtualized environments.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63961
Risk: Low
CVSSv4.0: 5.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-21499
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions to the kernel debugger when booted in secure boot environments. A local privileged user can bypass UEFI Secure Boot restrictions.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65318
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-2318
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error caused by the timer handler in net/rose/rose_timer.c of the Linux kernel. A local user can exploit the vulnerability to perform a denial of service attack.
Mitigation
Update the affected package, the Linux Kernel, to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU59896
Risk: Low
CVSSv4.0: 6.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2022-23222
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the availability of pointer arithmetic via certain *_OR_NULL pointer types in kernel/bpf/verifier.c in the Linux kernel. A local user can run a specially crafted program to execute arbitrary code with root privileges.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU65345
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-26365
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU62601
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-26490
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the st21nfca_connectivity_event_received() function in drivers/nfc/st21nfca/se.c in the Linux kernel. A local user can run a specially crafted program to trigger a buffer overflow and execute arbitrary code with elevated privileges.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63792
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-29582
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the io_uring timeouts() function in the Linux kernel. A local user can trigger a race condition between timeout flush and removal to cause a denial of service or escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65205
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-29900
CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to mistrained branch predictions for return instructions. A local user can execute arbitrary speculative code under certain microarchitecture-dependent conditions. The vulnerability was dubbed RETbleed.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65220
Risk: Low
CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-29901
CWE-ID: CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
Description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to non-transparent sharing of branch predictor targets between contexts. A local user can exploit the vulnerability to gain access to sensitive information.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU63631
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-30594
CWE-ID: CWE-276 - Incorrect Default Permissions
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to mishandling of seccomp permissions. A local user can bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag and escalate privileges on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65346
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33740
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65351
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33741
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the granularity of the grant table doesn't allow sharing less than a 4K page, so unrelated data residing in the same 4K page as data shared with a backend is accessible by that backend. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65348
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33742
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists because the granularity of the grant table doesn't allow sharing less than a 4K page, so unrelated data residing in the same 4K page as data shared with a backend is accessible by that backend. A local user can gain unauthorized access to sensitive information on the system.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65841
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33743
CWE-ID: CWE-399 - Resource Management Errors
Exploit availability: No
Description
The vulnerability allows a malicious network backend to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the eXpress Data Path support implementation in Xen, allowing Linux netfront to use freed SKBs. A malicious network backend can cause a denial of service on the guest OS.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
CPE2.3
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64944
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-33981
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in drivers/block/floppy.c in the Linux kernel when deallocating raw_cmd in the raw_cmd_ioctl() function. A local user can trigger a use-after-free and perform a denial of service attack.
Mitigation
Update the affected Linux kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU65360
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2022-34918
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. A local user can pass specially crafted data to the application, trigger a type confusion error and escalate privileges on the system.
Mitigation
Update the affected Linux Kernel package to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Module for Public Cloud: 15-SP4
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Server: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
kernel-source-azure: before 5.14.21-150400.14.7.1
kernel-devel-azure: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
reiserfs-kmp-azure: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
ocfs2-kmp-azure: before 5.14.21-150400.14.7.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
kselftests-kmp-azure: before 5.14.21-150400.14.7.1
kernel-syms-azure: before 5.14.21-150400.14.7.1
kernel-azure-optional-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-optional: before 5.14.21-150400.14.7.1
kernel-azure-livepatch-devel: before 5.14.21-150400.14.7.1
kernel-azure-extra-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-extra: before 5.14.21-150400.14.7.1
kernel-azure-devel-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure-devel: before 5.14.21-150400.14.7.1
kernel-azure-debugsource: before 5.14.21-150400.14.7.1
kernel-azure-debuginfo: before 5.14.21-150400.14.7.1
kernel-azure: before 5.14.21-150400.14.7.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
gfs2-kmp-azure: before 5.14.21-150400.14.7.1
dlm-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
dlm-kmp-azure: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150400.14.7.1
cluster-md-kmp-azure: before 5.14.21-150400.14.7.1
https://www.suse.com/support/update/announcement/2022/suse-su-20222615-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.