SUSE update for the Linux Kernel



Risk Low
Patch available YES
Number of vulnerabilities 68
CVE-ID CVE-2021-46925
CVE-2021-46926
CVE-2021-46927
CVE-2021-46929
CVE-2021-46930
CVE-2021-46931
CVE-2021-46933
CVE-2021-46936
CVE-2021-47082
CVE-2021-47087
CVE-2021-47091
CVE-2021-47093
CVE-2021-47094
CVE-2021-47095
CVE-2021-47096
CVE-2021-47097
CVE-2021-47098
CVE-2021-47099
CVE-2021-47100
CVE-2021-47101
CVE-2021-47102
CVE-2021-47104
CVE-2021-47105
CVE-2021-47107
CVE-2021-47108
CVE-2022-48626
CVE-2022-48629
CVE-2022-48630
CVE-2023-35827
CVE-2023-52450
CVE-2023-52454
CVE-2023-52469
CVE-2023-52470
CVE-2023-52474
CVE-2023-52477
CVE-2023-52492
CVE-2023-52497
CVE-2023-52501
CVE-2023-52502
CVE-2023-52504
CVE-2023-52507
CVE-2023-52508
CVE-2023-52509
CVE-2023-52510
CVE-2023-52511
CVE-2023-52513
CVE-2023-52515
CVE-2023-52517
CVE-2023-52519
CVE-2023-52520
CVE-2023-52523
CVE-2023-52524
CVE-2023-52525
CVE-2023-52528
CVE-2023-52529
CVE-2023-52532
CVE-2023-52564
CVE-2023-52566
CVE-2023-52567
CVE-2023-52569
CVE-2023-52574
CVE-2023-52576
CVE-2023-52582
CVE-2023-52583
CVE-2023-52597
CVE-2023-52621
CVE-2024-25742
CVE-2024-26600
CWE-ID CWE-667
CWE-399
CWE-617
CWE-416
CWE-121
CWE-415
CWE-763
CWE-401
CWE-476
CWE-908
CWE-125
CWE-190
CWE-264
CWE-119
CWE-200
CWE-835
CWE-400
CWE-362
CWE-388
CWE-254
CWE-94
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
openSUSE Leap Micro
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro for Rancher
Operating systems & Components / Operating system

SUSE Linux Enterprise Micro
Operating systems & Components / Operating system

kernel-source-rt
Operating systems & Components / Operating system package or component

kernel-rt-debugsource
Operating systems & Components / Operating system package or component

kernel-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 68 vulnerabilities.

1) Improper locking

EUVDB-ID: #VU92051

Risk: Low

CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46925

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smc_wr_is_tx_pend(), smc_wr_tx_process_cqe(), smc_wr_reg_send() and smc_wr_free_link() functions in net/smc/smc_wr.c, within the smc_ib_modify_qp_rts() function in net/smc/smc_ib.c, within the smc_conn_free(), smcr_link_clear(), smc_conn_kill(), smc_smcd_terminate_all(), smc_smcr_terminate_all(), smcr_link_down() and init_waitqueue_head() functions in net/smc/smc_core.c, within the smc_cdc_tx_handler(), smc_cdc_msg_send(), smcr_cdc_msg_send_validation() and smc_cdc_get_slot_and_msg_send() functions in net/smc/smc_cdc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource management error

EUVDB-ID: #VU89253

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46926

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the sdw_intel_acpi_cb() function in sound/hda/intel-sdw-acpi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Reachable assertion

EUVDB-ID: #VU90917

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46927

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the ne_set_user_memory_region_ioctl() function in drivers/virt/nitro_enclaves/ne_misc_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU90257

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46929

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the sctp_transport_lookup_process() and sctp_transport_get_idx() functions in net/sctp/socket.c, within the sctp_sock_dump() and sctp_sock_filter() functions in net/sctp/sctp_diag.c, within the sctp_endpoint_free() and sctp_endpoint_destroy() functions in net/sctp/endpointola.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU90258

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46930

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mtu3_alloc_request() function in drivers/usb/mtu3/mtu3_gadget.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Stack-based buffer overflow

EUVDB-ID: #VU91303

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46931

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the mlx5e_tx_reporter_dump_sq() and mlx5e_reporter_tx_timeout() functions in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90259

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46933

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ffs_data_clear() and ffs_data_reset() functions in drivers/usb/gadget/function/f_fs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU88892

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46936

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the inet_init() function in net/ipv4/af_inet.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Double Free

EUVDB-ID: #VU89391

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47082

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in drivers/net/tun.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Release of invalid pointer or reference

EUVDB-ID: #VU93003

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47087

CWE-ID: CWE-763 - Release of invalid pointer or reference

Exploit availability: No

Description

The vulnerability allows a local user to modify data on the system.

The vulnerability exists due to performance of perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. A local user can modify data on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Reachable assertion

EUVDB-ID: #VU90913

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47091

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the ieee80211_start_ap() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU90478

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47093

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pmc_core_platform_init() function in drivers/platform/x86/intel_pmc_core_pltdrv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU88107

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47094

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in arch/x86/kvm/mmu/tdp_iter.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU90633

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ssif_probe() function in drivers/char/ipmi/ipmi_ssif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use of uninitialized resource

EUVDB-ID: #VU91681

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47096

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the snd_rawmidi_open() function in sound/core/rawmidi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Out-of-bounds read

EUVDB-ID: #VU90344

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47097

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the elantech_change_report_id() function in drivers/input/mouse/elantech.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Integer overflow

EUVDB-ID: #VU91181

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47098

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer overflow within the lm90_set_temphyst() function in drivers/hwmon/lm90.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU88856

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47099

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a missing security check within the veth_xdp_rcv() function in drivers/net/veth.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU90233

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47100

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cleanup_bmc_device() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use of uninitialized resource

EUVDB-ID: #VU90882

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47101

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Out-of-bounds read

EUVDB-ID: #VU90345

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47102

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the prestera_netdev_port_event() function in drivers/net/ethernet/marvell/prestera/prestera_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Memory leak

EUVDB-ID: #VU90019

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47104

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the qib_user_sdma_queue_pkts() function in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Memory leak

EUVDB-ID: #VU91655

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47105

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ice_xsk_any_rx_ring_ena() function in drivers/net/ethernet/intel/ice/ice_xsk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU91316

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47107

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the nfsd_proc_rmdir() and nfsd_init_dirlist_pages() functions in fs/nfsd/nfsproc.c, within the nfsd3_proc_link() and nfsd3_init_dirlist_pages() functions in fs/nfsd/nfs3proc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU90632

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47108

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_hdmi_bridge_mode_valid() function in drivers/gpu/drm/mediatek/mtk_hdmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use-after-free

EUVDB-ID: #VU90261

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48626

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the moxart_remove() function in drivers/mmc/host/moxart-mmc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Information disclosure

EUVDB-ID: #VU93004

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48629

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Infinite loop

EUVDB-ID: #VU91418

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48630

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the qcom_rng_read() function in drivers/crypto/qcom-rng.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU82758

Risk: Low

CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-35827

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local authenticated user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) NULL pointer dereference

EUVDB-ID: #VU90661

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52450

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the discover_upi_topology() function in arch/x86/events/intel/uncore_snbep.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU89244

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52454

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU89235

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52469

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) NULL pointer dereference

EUVDB-ID: #VU92074

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52470

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper locking

EUVDB-ID: #VU92053

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52474

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the build_vnic_ulp_payload() function in drivers/infiniband/hw/hfi1/vnic_sdma.c, within the build_verbs_tx_desc() function in drivers/infiniband/hw/hfi1/verbs.c, within the user_sdma_send_pkts(), add_system_pages_to_sdma_packet(), hfi1_user_sdma_process_request(), user_sdma_txadd_ahg(), sdma_cache_evict(), user_sdma_txreq_cb(), pq_update(), user_sdma_free_request(), set_comp_state() and sdma_rb_remove() functions in drivers/infiniband/hw/hfi1/user_sdma.c, within the sdma_unmap_desc(), ext_coal_sdma_tx_descs() and _pad_sdma_tx_descs() functions in drivers/infiniband/hw/hfi1/sdma.c, within the hfi1_mmu_rb_insert(), hfi1_mmu_rb_get_first(), __mmu_rb_search() and hfi1_mmu_rb_evict() functions in drivers/infiniband/hw/hfi1/mmu_rb.c, within the hfi1_ipoib_build_ulp_payload() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Use of uninitialized resource

EUVDB-ID: #VU89393

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52477

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU90626

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52492

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Resource exhaustion

EUVDB-ID: #VU93097

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52497

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.

The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Information disclosure

EUVDB-ID: #VU93098

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52501

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Race condition

EUVDB-ID: #VU88106

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52502

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() functions in net/nfc/llcp_core.c. A local user can exploit the race and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Out-of-bounds read

EUVDB-ID: #VU90347

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52504

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the apply_alternatives() function in arch/x86/kernel/alternative.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU90350

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52507

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) NULL pointer dereference

EUVDB-ID: #VU90634

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52508

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nvme_fc_io_getuuid() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU89255

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52509

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user can escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ravb_close() function in drivers/net/ethernet/renesas/ravb_main.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Use-after-free

EUVDB-ID: #VU90235

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52510

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ca8210_register_ext_clock() and ca8210_unregister_ext_clock() functions in drivers/net/ieee802154/ca8210.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Resource exhaustion

EUVDB-ID: #VU93001

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52511

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL pointer dereference

EUVDB-ID: #VU91242

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52513

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the siw_accept_newconn(), siw_cm_work_handler() and siw_cm_llp_data_ready() functions in drivers/infiniband/sw/siw/siw_cm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Use-after-free

EUVDB-ID: #VU90236

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52515

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the srp_abort() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Race condition

EUVDB-ID: #VU91487

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52517

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the sun6i_spi_max_transfer_size(), sun6i_spi_prepare_dma(), sun6i_spi_transfer_one(), sun6i_spi_handler() and sun6i_spi_probe() functions in drivers/spi/spi-sun6i.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds read

EUVDB-ID: #VU90348

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52519

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the enable_gpe() function in drivers/hid/intel-ish-hid/ipc/pci-ish.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Memory leak

EUVDB-ID: #VU91656

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52520

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tlmi_release_attr() and tlmi_sysfs_init() functions in drivers/platform/x86/think-lmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) NULL pointer dereference

EUVDB-ID: #VU90635

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52523

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the BPF_CALL_4() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper locking

EUVDB-ID: #VU91319

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52524

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nfc_llcp_register_device() function in net/nfc/llcp_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Out-of-bounds read

EUVDB-ID: #VU90349

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52525

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the mwifiex_process_rx_packet() function in drivers/net/wireless/marvell/mwifiex/sta_rx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use of uninitialized resource

EUVDB-ID: #VU90884

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52528

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Memory leak

EUVDB-ID: #VU89386

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52529

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the sony_probe() function in drivers/hid/hid-sony.c. A local user can perform a denial of service attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Improper error handling

EUVDB-ID: #VU90959

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52532

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mana_poll_tx_cq() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU90240

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52564

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU90238

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52566

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU90636

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52567

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the serial8250_handle_irq() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Improper error handling

EUVDB-ID: #VU90958

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52569

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the btrfs_balance_delayed_items() and btrfs_insert_delayed_dir_index() functions in fs/btrfs/delayed-inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) NULL pointer dereference

EUVDB-ID: #VU89390

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52574

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU91065

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52576

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the add_early_ima_buffer() function in arch/x86/kernel/setup.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU92992

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52582

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the netfs_rreq_unlock_folios() function in fs/netfs/buffered_read.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper locking

EUVDB-ID: #VU90802

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52583

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Security features bypass

EUVDB-ID: #VU92172

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52597

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Reachable assertion

EUVDB-ID: #VU90912

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52621

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Code Injection

EUVDB-ID: #VU89087

Risk: Low

CVSSv3.1: 4 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-25742

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a malicious hypervisor to escalate privileges on the system.

The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) NULL pointer dereference

EUVDB-ID: #VU89249

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26600

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

openSUSE Leap Micro: 5.3 - 5.4

SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4

SUSE Linux Enterprise Micro: 5.3 - 5.4

kernel-source-rt: before 5.14.21-150400.15.76.1

kernel-rt-debugsource: before 5.14.21-150400.15.76.1

kernel-rt-debuginfo: before 5.14.21-150400.15.76.1

kernel-rt: before 5.14.21-150400.15.76.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###