SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 41 |
| CVE-ID | CVE-2021-46955 CVE-2021-47041 CVE-2021-47074 CVE-2021-47113 CVE-2021-47131 CVE-2021-47184 CVE-2021-47194 CVE-2021-47198 CVE-2021-47201 CVE-2021-47203 CVE-2021-47206 CVE-2021-47207 CVE-2021-47212 CVE-2021-47216 CVE-2022-48631 CVE-2022-48638 CVE-2022-48650 CVE-2022-48651 CVE-2022-48654 CVE-2022-48672 CVE-2022-48686 CVE-2022-48687 CVE-2022-48693 CVE-2022-48695 CVE-2022-48701 CVE-2022-48702 CVE-2024-0639 CVE-2024-23307 CVE-2024-26610 CVE-2024-26688 CVE-2024-26689 CVE-2024-26739 CVE-2024-26744 CVE-2024-26816 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26898 CVE-2024-26903 CVE-2024-26906 CVE-2024-27043 |
| CWE-ID | CWE-125 CWE-667 CWE-401 CWE-399 CWE-416 CWE-476 CWE-665 CWE-119 CWE-388 CWE-20 CWE-193 CWE-200 CWE-190 CWE-366 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system kernel-source-rt Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 41 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU88889
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-46955
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ovs_fragment() function in net/openvswitch/actions.c when running openvswitch on kernels built with KASAN. A remote attacker can send specially crafted IPv4 packets to the system, trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper locking
EUVDB-ID: #VU89745
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-47041
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvmet_tcp_state_change() function in drivers/nvme/target/tcp.c. An remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU90027
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvme_loop_create_ctrl() function in drivers/nvme/target/loop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU89258
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47113
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the btrfs_rename_exchange() function in fs/btrfs/inode.c. A local user can corrupt the filesystem and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90223
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47131
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tls_ctx_create() function in net/tls/tls_main.c, within the tls_validate_xmit_skb() function in net/tls/tls_device_fallback.c, within the tls_device_gc_task(), tls_device_rx_resync_new_rec(), tls_device_decrypted() and tls_device_down() functions in net/tls/tls_device.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU90587
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47184
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_sync_filters_subtask() and i40e_vsi_release() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper initialization
EUVDB-ID: #VU92392
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47194
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU90208
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47198
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_mbx_cmpl_fc_reg_login() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Resource management error
EUVDB-ID: #VU92971
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47201
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU93156
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) NULL pointer dereference
EUVDB-ID: #VU92072
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47206
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU90583
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47207
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_gf1_dma_interrupt() function in sound/isa/gus/gus_dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Error Handling
EUVDB-ID: #VU89241
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47212
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect error handling within the mlx5_internal_err_ret_value() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory leak
EUVDB-ID: #VU91648
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-47216
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the asc_prt_adv_board_info() function in drivers/scsi/advansys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper locking
EUVDB-ID: #VU92033
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48631
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_ext_check() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU93687
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48638
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cgroup_get_from_id() function in kernel/cgroup/cgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Memory leak
EUVDB-ID: #VU89997
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48650
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __qlt_24xx_handle_abts() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU89680
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-48651
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in drivers/net/ipvlan/ipvlan_core.c. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU91645
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48654
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the nf_osf_find() function in net/netfilter/nfnetlink_osf.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Off-by-one
EUVDB-ID: #VU91174
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48672
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an off-by-one error within the unflatten_dt_nodes() function in drivers/of/fdt.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU90175
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48686
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU90314
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48687
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Information disclosure
EUVDB-ID: #VU91352
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48693
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the brcmstb_pm_probe() function in drivers/soc/bcm/brcmstb/pm/pm-arm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU90171
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48695
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_next_fw_event() and _scsih_fw_event_cleanup_queue() functions in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU90313
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48701
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_parse_audio_interface() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Out-of-bounds read
EUVDB-ID: #VU90312
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-48702
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_emu10k1_pcm_channel_alloc() function in sound/pci/emu10k1/emupcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper locking
EUVDB-ID: #VU88894
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-0639
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper locking within the sctp_auto_asconf_init() function in net/sctp/socket.c. A local user can crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Buffer overflow
EUVDB-ID: #VU89679
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU90603
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU90220
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26689
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU90214
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26739
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU90596
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26744
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Memory leak
EUVDB-ID: #VU91650
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26816
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Memory leak
EUVDB-ID: #VU90005
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use-after-free
EUVDB-ID: #VU90194
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Race condition within a thread
EUVDB-ID: #VU91434
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26862
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) NULL pointer dereference
EUVDB-ID: #VU92070
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper error handling
EUVDB-ID: #VU92944
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26906
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the copy_from_kernel_nofault_allowed() function in arch/x86/mm/maccess.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.169.1
kernel-rt-debuginfo: before 5.3.18-150300.169.1
kernel-rt-debugsource: before 5.3.18-150300.169.1
kernel-rt: before 5.3.18-150300.169.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
- cpe:2.3:a:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*
https://www.suse.com/support/update/announcement/2024/suse-su-20241645-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
