SUSE update for the Linux Kernel
Security Bulletin
This security bulletin contains information about 37 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU88889
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46955
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ovs_fragment() function in net/openvswitch/actions.c when running openvswitch on kernels built with KASAN. A remote attacker can send specially crafted IPv4 packets to the system, trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper locking
EUVDB-ID: #VU89745
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47041
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_tcp_state_change() function in drivers/nvme/target/tcp.c. An remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU90027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvme_loop_create_ctrl() function in drivers/nvme/target/loop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU89258
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47113
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the btrfs_rename_exchange() function in fs/btrfs/inode.c. A local user can corrupt the filesystem and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90223
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47131
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_ctx_create() function in net/tls/tls_main.c, within the tls_validate_xmit_skb() function in net/tls/tls_device_fallback.c, within the tls_device_gc_task(), tls_device_rx_resync_new_rec(), tls_device_decrypted() and tls_device_down() functions in net/tls/tls_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU90587
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47184
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_sync_filters_subtask() and i40e_vsi_release() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU91528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47185
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper initialization
EUVDB-ID: #VU92392
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47194
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU90208
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47198
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_mbx_cmpl_fc_reg_login() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU92971
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47201
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Buffer overflow
EUVDB-ID: #VU93156
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU92072
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47206
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) NULL pointer dereference
EUVDB-ID: #VU90583
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47207
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_gf1_dma_interrupt() function in sound/isa/gus/gus_dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Error Handling
EUVDB-ID: #VU89241
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47212
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect error handling within the mlx5_internal_err_ret_value() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU92033
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48631
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_ext_check() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU89680
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48651
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in drivers/net/ipvlan/ipvlan_core.c. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU91645
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48654
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the nf_osf_find() function in net/netfilter/nfnetlink_osf.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU90314
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48687
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU78675
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2860
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the SR-IPv6 implementation when processing seg6 attributes. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Improper locking
EUVDB-ID: #VU88894
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0639
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper locking within the sctp_auto_asconf_init() function in net/sctp/socket.c. A local user can crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU89389
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU87192
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22099
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU90603
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU90220
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26689
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU90214
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26739
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) NULL pointer dereference
EUVDB-ID: #VU90596
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26744
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Memory leak
EUVDB-ID: #VU91650
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26816
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory leak
EUVDB-ID: #VU90005
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU90194
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Race condition within a thread
EUVDB-ID: #VU91434
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26862
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU92070
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper error handling
EUVDB-ID: #VU92944
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26906
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
reiserfs-kmp-default: before 5.3.18-150200.24.191.1
kernel-docs: before 5.3.18-150200.24.191.1
kernel-devel: before 5.3.18-150200.24.191.1
kernel-source: before 5.3.18-150200.24.191.1
kernel-macros: before 5.3.18-150200.24.191.1
kernel-preempt-devel: before 5.3.18-150200.24.191.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-preempt-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-devel: before 5.3.18-150200.24.191.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.191.1
kernel-preempt-debugsource: before 5.3.18-150200.24.191.1
kernel-syms: before 5.3.18-150200.24.191.1
kernel-obs-build: before 5.3.18-150200.24.191.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-base: before 5.3.18-150200.24.191.1.150200.9.97.1
kernel-preempt: before 5.3.18-150200.24.191.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
ocfs2-kmp-default: before 5.3.18-150200.24.191.1
dlm-kmp-default: before 5.3.18-150200.24.191.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
gfs2-kmp-default: before 5.3.18-150200.24.191.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.191.1
cluster-md-kmp-default: before 5.3.18-150200.24.191.1
kernel-default-debugsource: before 5.3.18-150200.24.191.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.191.1
kernel-livepatch-5_3_18-150200_24_191-default: before 1-150200.5.3.1
kernel-default-debuginfo: before 5.3.18-150200.24.191.1
kernel-default-livepatch: before 5.3.18-150200.24.191.1
kernel-livepatch-SLE15-SP2_Update_48-debugsource: before 1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_191-default-debuginfo: before 1-150200.5.3.1
kernel-default: before 5.3.18-150200.24.191.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241650-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
