SUSE update for the Linux Kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 68 |
| CVE-ID | CVE-2021-46925 CVE-2021-46926 CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46936 CVE-2021-47082 CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095 CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100 CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107 CVE-2021-47108 CVE-2022-48626 CVE-2022-48629 CVE-2022-48630 CVE-2023-35827 CVE-2023-52450 CVE-2023-52454 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52477 CVE-2023-52492 CVE-2023-52497 CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508 CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515 CVE-2023-52517 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524 CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52532 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567 CVE-2023-52569 CVE-2023-52574 CVE-2023-52576 CVE-2023-52582 CVE-2023-52583 CVE-2023-52597 CVE-2023-52621 CVE-2024-25742 CVE-2024-26600 |
| CWE-ID | CWE-667 CWE-399 CWE-617 CWE-416 CWE-121 CWE-415 CWE-763 CWE-401 CWE-476 CWE-908 CWE-125 CWE-190 CWE-264 CWE-119 CWE-200 CWE-835 CWE-400 CWE-362 CWE-388 CWE-254 CWE-94 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
openSUSE Leap Micro Operating systems & Components / Operating system SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system kernel-source-rt Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 68 vulnerabilities.
1) Improper locking
EUVDB-ID: #VU92051
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46925
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_wr_is_tx_pend(), smc_wr_tx_process_cqe(), smc_wr_reg_send() and smc_wr_free_link() functions in net/smc/smc_wr.c, within the smc_ib_modify_qp_rts() function in net/smc/smc_ib.c, within the smc_conn_free(), smcr_link_clear(), smc_conn_kill(), smc_smcd_terminate_all(), smc_smcr_terminate_all(), smcr_link_down() and init_waitqueue_head() functions in net/smc/smc_core.c, within the smc_cdc_tx_handler(), smc_cdc_msg_send(), smcr_cdc_msg_send_validation() and smc_cdc_get_slot_and_msg_send() functions in net/smc/smc_cdc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource management error
EUVDB-ID: #VU89253
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46926
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the sdw_intel_acpi_cb() function in sound/hda/intel-sdw-acpi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Reachable assertion
EUVDB-ID: #VU90917
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46927
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ne_set_user_memory_region_ioctl() function in drivers/virt/nitro_enclaves/ne_misc_dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU90257
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46929
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sctp_transport_lookup_process() and sctp_transport_get_idx() functions in net/sctp/socket.c, within the sctp_sock_dump() and sctp_sock_filter() functions in net/sctp/sctp_diag.c, within the sctp_endpoint_free() and sctp_endpoint_destroy() functions in net/sctp/endpointola.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU90258
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46930
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtu3_alloc_request() function in drivers/usb/mtu3/mtu3_gadget.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Stack-based buffer overflow
EUVDB-ID: #VU91303
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46931
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the mlx5e_tx_reporter_dump_sq() and mlx5e_reporter_tx_timeout() functions in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU90259
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46933
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ffs_data_clear() and ffs_data_reset() functions in drivers/usb/gadget/function/f_fs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Use-after-free
EUVDB-ID: #VU88892
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46936
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the inet_init() function in net/ipv4/af_inet.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Double Free
EUVDB-ID: #VU89391
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47082
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in drivers/net/tun.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Release of invalid pointer or reference
EUVDB-ID: #VU93003
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47087
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a local user to modify data on the system.
The vulnerability exists due to performance of perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. A local user can modify data on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Reachable assertion
EUVDB-ID: #VU90913
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47091
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ieee80211_start_ap() function in net/mac80211/cfg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU90478
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47093
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pmc_core_platform_init() function in drivers/platform/x86/intel_pmc_core_pltdrv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU88107
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47094
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in arch/x86/kvm/mmu/tdp_iter.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU90633
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ssif_probe() function in drivers/char/ipmi/ipmi_ssif.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use of uninitialized resource
EUVDB-ID: #VU91681
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47096
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the snd_rawmidi_open() function in sound/core/rawmidi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Out-of-bounds read
EUVDB-ID: #VU90344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47097
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the elantech_change_report_id() function in drivers/input/mouse/elantech.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Integer overflow
EUVDB-ID: #VU91181
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47098
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer overflow within the lm90_set_temphyst() function in drivers/hwmon/lm90.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU88856
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47099
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a missing security check within the veth_xdp_rcv() function in drivers/net/veth.c. A local user can gain access to sensitive information.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU90233
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47100
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bmc_device() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use of uninitialized resource
EUVDB-ID: #VU90882
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47101
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU90345
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47102
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the prestera_netdev_port_event() function in drivers/net/ethernet/marvell/prestera/prestera_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory leak
EUVDB-ID: #VU90019
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47104
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qib_user_sdma_queue_pkts() function in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Memory leak
EUVDB-ID: #VU91655
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47105
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ice_xsk_any_rx_ring_ena() function in drivers/net/ethernet/intel/ice/ice_xsk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Buffer overflow
EUVDB-ID: #VU91316
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47107
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfsd_proc_rmdir() and nfsd_init_dirlist_pages() functions in fs/nfsd/nfsproc.c, within the nfsd3_proc_link() and nfsd3_init_dirlist_pages() functions in fs/nfsd/nfs3proc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU90632
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47108
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_hdmi_bridge_mode_valid() function in drivers/gpu/drm/mediatek/mtk_hdmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU90261
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48626
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the moxart_remove() function in drivers/mmc/host/moxart-mmc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Information disclosure
EUVDB-ID: #VU93004
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48629
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Infinite loop
EUVDB-ID: #VU91418
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48630
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the qcom_rng_read() function in drivers/crypto/qcom-rng.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU82758
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35827
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU90661
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52450
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the discover_upi_topology() function in arch/x86/events/intel/uncore_snbep.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU89244
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52454
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Use-after-free
EUVDB-ID: #VU89235
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU92074
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper locking
EUVDB-ID: #VU92053
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52474
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the build_vnic_ulp_payload() function in drivers/infiniband/hw/hfi1/vnic_sdma.c, within the build_verbs_tx_desc() function in drivers/infiniband/hw/hfi1/verbs.c, within the user_sdma_send_pkts(), add_system_pages_to_sdma_packet(), hfi1_user_sdma_process_request(), user_sdma_txadd_ahg(), sdma_cache_evict(), user_sdma_txreq_cb(), pq_update(), user_sdma_free_request(), set_comp_state() and sdma_rb_remove() functions in drivers/infiniband/hw/hfi1/user_sdma.c, within the sdma_unmap_desc(), ext_coal_sdma_tx_descs() and _pad_sdma_tx_descs() functions in drivers/infiniband/hw/hfi1/sdma.c, within the hfi1_mmu_rb_insert(), hfi1_mmu_rb_get_first(), __mmu_rb_search() and hfi1_mmu_rb_evict() functions in drivers/infiniband/hw/hfi1/mmu_rb.c, within the hfi1_ipoib_build_ulp_payload() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use of uninitialized resource
EUVDB-ID: #VU89393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) NULL pointer dereference
EUVDB-ID: #VU90626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52492
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Resource exhaustion
EUVDB-ID: #VU93097
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52497
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack and modify data on the system,.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack and modify data on the system,.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Information disclosure
EUVDB-ID: #VU93098
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52501
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local user can gain unauthorized access to sensitive information on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Race condition
EUVDB-ID: #VU88106
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52502
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() functions in net/nfc/llcp_core.c. A local user can exploit the race and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU90347
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52504
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_alternatives() function in arch/x86/kernel/alternative.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU90350
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52507
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nci_activate_target() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) NULL pointer dereference
EUVDB-ID: #VU90634
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52508
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvme_fc_io_getuuid() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Use-after-free
EUVDB-ID: #VU89255
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52509
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user can escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_close() function in drivers/net/ethernet/renesas/ravb_main.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU90235
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52510
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ca8210_register_ext_clock() and ca8210_unregister_ext_clock() functions in drivers/net/ieee802154/ca8210.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Resource exhaustion
EUVDB-ID: #VU93001
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52511
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL pointer dereference
EUVDB-ID: #VU91242
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52513
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the siw_accept_newconn(), siw_cm_work_handler() and siw_cm_llp_data_ready() functions in drivers/infiniband/sw/siw/siw_cm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU90236
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52515
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srp_abort() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Race condition
EUVDB-ID: #VU91487
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52517
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the sun6i_spi_max_transfer_size(), sun6i_spi_prepare_dma(), sun6i_spi_transfer_one(), sun6i_spi_handler() and sun6i_spi_probe() functions in drivers/spi/spi-sun6i.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Out-of-bounds read
EUVDB-ID: #VU90348
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52519
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the enable_gpe() function in drivers/hid/intel-ish-hid/ipc/pci-ish.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Memory leak
EUVDB-ID: #VU91656
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52520
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tlmi_release_attr() and tlmi_sysfs_init() functions in drivers/platform/x86/think-lmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) NULL pointer dereference
EUVDB-ID: #VU90635
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52523
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the BPF_CALL_4() function in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Improper locking
EUVDB-ID: #VU91319
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52524
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfc_llcp_register_device() function in net/nfc/llcp_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds read
EUVDB-ID: #VU90349
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52525
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mwifiex_process_rx_packet() function in drivers/net/wireless/marvell/mwifiex/sta_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Use of uninitialized resource
EUVDB-ID: #VU90884
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52528
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Memory leak
EUVDB-ID: #VU89386
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52529
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sony_probe() function in drivers/hid/hid-sony.c. A local user can perform a denial of service attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Improper error handling
EUVDB-ID: #VU90959
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52532
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mana_poll_tx_cq() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Use-after-free
EUVDB-ID: #VU90240
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52564
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gsm_cleanup_mux() function in drivers/tty/n_gsm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use-after-free
EUVDB-ID: #VU90238
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52566
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nilfs_gccache_submit_read_data() function in fs/nilfs2/gcinode.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) NULL pointer dereference
EUVDB-ID: #VU90636
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52567
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the serial8250_handle_irq() function in drivers/tty/serial/8250/8250_port.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper error handling
EUVDB-ID: #VU90958
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52569
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the btrfs_balance_delayed_items() and btrfs_insert_delayed_dir_index() functions in fs/btrfs/delayed-inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU89390
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52574
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/net/team/team.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Use-after-free
EUVDB-ID: #VU91065
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52576
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the add_early_ima_buffer() function in arch/x86/kernel/setup.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Resource management error
EUVDB-ID: #VU92992
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52582
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netfs_rreq_unlock_folios() function in fs/netfs/buffered_read.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper locking
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Security features bypass
EUVDB-ID: #VU92172
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52597
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Reachable assertion
EUVDB-ID: #VU90912
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52621
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the rcu_read_lock_held(), BPF_CALL_4() and BPF_CALL_2() functions in kernel/bpf/helpers.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Code Injection
EUVDB-ID: #VU89087
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-25742
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description
The vulnerability allows a malicious hypervisor to escalate privileges on the system.
The vulnerability exists due to improper input validation when handling interrupts. A malicious hypervisor can inject interrupt 0x80, which is used by Linux for legacy 32-bit system calls, and arbitrarily change the value stored in EAX while a SEV VM is running.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU89249
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsopenSUSE Leap Micro: 5.3 - 5.4
SUSE Linux Enterprise Micro for Rancher: 5.3 - 5.4
SUSE Linux Enterprise Micro: 5.3 - 5.4
kernel-source-rt: before 5.14.21-150400.15.76.1
kernel-rt-debugsource: before 5.14.21-150400.15.76.1
kernel-rt-debuginfo: before 5.14.21-150400.15.76.1
kernel-rt: before 5.14.21-150400.15.76.1
CPE2.3- cpe:2.3:o:suse:opensuse_leap_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap_micro:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.3:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.4:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_micro:5.3:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241320-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
