SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 113 |
| CVE-ID | CVE-2020-36780 CVE-2020-36782 CVE-2020-36783 CVE-2021-23134 CVE-2021-46909 CVE-2021-46921 CVE-2021-46930 CVE-2021-46938 CVE-2021-46939 CVE-2021-46943 CVE-2021-46944 CVE-2021-46950 CVE-2021-46951 CVE-2021-46958 CVE-2021-46960 CVE-2021-46961 CVE-2021-46962 CVE-2021-46963 CVE-2021-46971 CVE-2021-46981 CVE-2021-46984 CVE-2021-46988 CVE-2021-46990 CVE-2021-46991 CVE-2021-46992 CVE-2021-46998 CVE-2021-47000 CVE-2021-47006 CVE-2021-47013 CVE-2021-47015 CVE-2021-47020 CVE-2021-47034 CVE-2021-47045 CVE-2021-47049 CVE-2021-47051 CVE-2021-47055 CVE-2021-47056 CVE-2021-47058 CVE-2021-47061 CVE-2021-47063 CVE-2021-47065 CVE-2021-47068 CVE-2021-47069 CVE-2021-47070 CVE-2021-47071 CVE-2021-47073 CVE-2021-47077 CVE-2021-47082 CVE-2021-47109 CVE-2021-47110 CVE-2021-47112 CVE-2021-47114 CVE-2021-47117 CVE-2021-47118 CVE-2021-47119 CVE-2021-47120 CVE-2021-47138 CVE-2021-47139 CVE-2021-47141 CVE-2021-47142 CVE-2021-47144 CVE-2021-47153 CVE-2021-47161 CVE-2021-47165 CVE-2021-47166 CVE-2021-47167 CVE-2021-47168 CVE-2021-47169 CVE-2021-47170 CVE-2021-47171 CVE-2021-47172 CVE-2021-47173 CVE-2021-47177 CVE-2021-47179 CVE-2021-47180 CVE-2021-47181 CVE-2021-47183 CVE-2021-47185 CVE-2021-47189 CVE-2022-0487 CVE-2022-4744 CVE-2022-48626 CVE-2023-0160 CVE-2023-1192 CVE-2023-28746 CVE-2023-35827 CVE-2023-52454 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52500 CVE-2023-52509 CVE-2023-52572 CVE-2023-52583 CVE-2023-52590 CVE-2023-52591 CVE-2023-52607 CVE-2023-52628 CVE-2023-6270 CVE-2023-6356 CVE-2023-6531 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-22099 CVE-2024-26600 CVE-2024-26614 CVE-2024-26642 CVE-2024-26704 CVE-2024-26733 |
| CWE-ID | CWE-401 CWE-200 CWE-416 CWE-754 CWE-667 CWE-415 CWE-388 CWE-399 CWE-191 CWE-362 CWE-476 CWE-125 CWE-617 CWE-20 CWE-119 CWE-908 CWE-400 CWE-665 CWE-121 CWE-284 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #80 is available. |
| Vulnerable software Subscribe |
SUSE Linux Enterprise Live Patching Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 Business Critical Linux Operating systems & Components / Operating system SUSE Linux Enterprise High Availability Extension 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system reiserfs-kmp-default-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-default Operating systems & Components / Operating system package or component kernel-docs Operating systems & Components / Operating system package or component kernel-source Operating systems & Components / Operating system package or component kernel-devel Operating systems & Components / Operating system package or component kernel-macros Operating systems & Components / Operating system package or component kernel-default-base Operating systems & Components / Operating system package or component kernel-preempt-debuginfo Operating systems & Components / Operating system package or component kernel-default-devel Operating systems & Components / Operating system package or component kernel-obs-build Operating systems & Components / Operating system package or component kernel-default-devel-debuginfo Operating systems & Components / Operating system package or component kernel-obs-build-debugsource Operating systems & Components / Operating system package or component kernel-preempt-devel Operating systems & Components / Operating system package or component kernel-syms Operating systems & Components / Operating system package or component kernel-preempt-debugsource Operating systems & Components / Operating system package or component kernel-preempt-devel-debuginfo Operating systems & Components / Operating system package or component kernel-preempt Operating systems & Components / Operating system package or component cluster-md-kmp-default-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-default Operating systems & Components / Operating system package or component ocfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-default-debuginfo Operating systems & Components / Operating system package or component gfs2-kmp-default-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-default Operating systems & Components / Operating system package or component ocfs2-kmp-default Operating systems & Components / Operating system package or component gfs2-kmp-default Operating systems & Components / Operating system package or component kernel-default-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_188-default-debuginfo Operating systems & Components / Operating system package or component kernel-livepatch-SLE15-SP2_Update_47-debugsource Operating systems & Components / Operating system package or component kernel-livepatch-5_3_18-150200_24_188-default Operating systems & Components / Operating system package or component kernel-default-livepatch Operating systems & Components / Operating system package or component kernel-default-debuginfo Operating systems & Components / Operating system package or component kernel-default-livepatch-devel Operating systems & Components / Operating system package or component kernel-default Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 113 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU89266
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36780
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due reference leak when pm_runtime_get_sync fails within the sprd_i2c_master_xfer() and sprd_i2c_remove() function in drivers/i2c/busses/i2c-sprd.c. A local user can perform denial of service attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU91404
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36782
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the lpi2c_imx_master_enable() function in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU91405
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36783
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the img_i2c_xfer() and img_i2c_init() functions in drivers/i2c/busses/i2c-img-scb.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU63657
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23134
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in nfc sockets in the Linux Kernel. A local user with the CAP_NET_RAW capability can trigger use-after-free and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper check for unusual or exceptional conditions
EUVDB-ID: #VU92396
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46909
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the personal_server_map_irq() function in arch/arm/mach-footbridge/personal-pci.c, within the netwinder_map_irq() function in arch/arm/mach-footbridge/netwinder-pci.c, within the ebsa285_map_irq() function in arch/arm/mach-footbridge/ebsa285-pci.c, within the cats_no_swizzle() function in arch/arm/mach-footbridge/cats-pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper locking
EUVDB-ID: #VU88214
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46921
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper locking within the queued_write_lock_slowpath() function in kernel/locking/qrwlock.c. A local user can crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free
EUVDB-ID: #VU90258
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46930
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtu3_alloc_request() function in drivers/usb/mtu3/mtu3_gadget.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Double free
EUVDB-ID: #VU90901
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46938
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the blk_mq_free_tag_set() and dm_mq_cleanup_mapped_device() functions in drivers/md/dm-rq.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper locking
EUVDB-ID: #VU90807
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46939
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the trace_clock_global() function in kernel/trace/trace_clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper error handling
EUVDB-ID: #VU90962
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46943
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper error handling within the imgu_fmt() function in drivers/staging/media/ipu3/ipu3-v4l2.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU90042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46944
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the imgu_fmt() function in drivers/staging/media/ipu3/ipu3-v4l2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Resource management error
EUVDB-ID: #VU93648
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46950
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper management of internal resources within the raid1_end_write_request() function in drivers/md/raid1.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Integer underflow
EUVDB-ID: #VU91194
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46951
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow within the tpm_read_log_efi() function in drivers/char/tpm/eventlog/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU90256
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_transaction() function in fs/btrfs/transaction.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Resource management error
EUVDB-ID: #VU93847
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46960
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smb2_get_enc_key() function in fs/cifs/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Improper error handling
EUVDB-ID: #VU92949
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46961
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the gic_handle_irq() function in drivers/irqchip/irq-gic-v3.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Improper error handling
EUVDB-ID: #VU90963
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46962
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the uniphier_sd_remove() function in drivers/mmc/host/uniphier-sd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Race condition
EUVDB-ID: #VU93384
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46963
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the qla2xxx_mqueuecommand() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU92050
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46971
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SYSCALL_DEFINE5() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) NULL pointer dereference
EUVDB-ID: #VU90641
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46981
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Out-of-bounds read
EUVDB-ID: #VU90355
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46984
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dd_request_merge() function in block/mq-deadline.c, within the kyber_limit_depth() function in block/kyber-iosched.c, within the __blk_mq_sched_bio_merge() function in block/blk-mq-sched.c, within the bfq_remove_request() function in block/bfq-iosched.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Reachable assertion
EUVDB-ID: #VU90916
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46988
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the shmem_mfill_atomic_pte() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Input validation error
EUVDB-ID: #VU88890
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in arch/powerpc/lib/feature-fixups.c. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use-after-free
EUVDB-ID: #VU90251
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i40e_client_subtask() function in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Out-of-bounds read
EUVDB-ID: #VU90354
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46992
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nft_rhash_destroy() function in net/netfilter/nft_set_hash.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU91070
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the enic_queue_wq_skb_encap(), enic_queue_wq_skb() and enic_hard_start_xmit() functions in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Information disclosure
EUVDB-ID: #VU91406
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47000
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the __fh_to_dentry() function in fs/ceph/export.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU93626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47006
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the breakpoint_handler() function in arch/arm/kernel/hw_breakpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU91068
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47013
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the emac_mac_tx_buf_send() function in drivers/net/ethernet/qualcomm/emac/emac-mac.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper error handling
EUVDB-ID: #VU92947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47015
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory leak
EUVDB-ID: #VU90029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47020
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sdw_stream_add_slave() function in drivers/soundwire/stream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Resource management error
EUVDB-ID: #VU93209
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47034
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the early_map_kernel_page() and __map_kernel_page() functions in arch/powerpc/mm/pgtable-radix.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) NULL pointer dereference
EUVDB-ID: #VU90648
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47045
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_issue_els_plogi() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Improper error handling
EUVDB-ID: #VU90960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47049
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __vmbus_open() function in drivers/hv/channel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Information disclosure
EUVDB-ID: #VU91407
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47051
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the lpspi_prepare_xfer_hardware() function in drivers/spi/spi-fsl-lpspi.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Improper locking
EUVDB-ID: #VU91543
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47055
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtdchar_ioctl() function in drivers/mtd/mtdchar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use of uninitialized resource
EUVDB-ID: #VU93084
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47056
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the adf_probe() function in drivers/crypto/qat/qat_dh895xccvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c62xvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c3xxxvf/adf_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Memory leak
EUVDB-ID: #VU90031
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47058
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the regmap_debugfs_exit() function in drivers/base/regmap/regmap-debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU90244
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47061
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_io_bus_unregister_dev() function in virt/kvm/kvm_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use-after-free
EUVDB-ID: #VU90243
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47063
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panel_bridge_attach() function in drivers/gpu/drm/bridge/panel.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU90352
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47065
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_phy_load_tables(), rtw_get_channel_group() and rtw_get_tx_power_params() functions in drivers/net/wireless/realtek/rtw88/phy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Use-after-free
EUVDB-ID: #VU90245
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47068
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the llcp_sock_bind() and llcp_sock_connect() functions in net/nfc/llcp_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Resource exhaustion
EUVDB-ID: #VU92484
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47069
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error within the IPC implementation in Linux kernel. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Memory leak
EUVDB-ID: #VU90028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Memory leak
EUVDB-ID: #VU90025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47071
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Input validation error
EUVDB-ID: #VU93694
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47073
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_dell_smbios_wmi() function in drivers/platform/x86/dell-smbios-wmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) NULL pointer dereference
EUVDB-ID: #VU90638
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47077
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qedf_update_link_speed() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Double Free
EUVDB-ID: #VU89391
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47082
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in drivers/net/tun.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Resource management error
EUVDB-ID: #VU93625
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47109
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the system when handling NUD_NOARP entries for IPv6. A remote attacker can fill up the neighbour table with enough entries that it will overflow for valid connections after that.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Buffer overflow
EUVDB-ID: #VU91208
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47110
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvm_crash_shutdown() and kvmclock_init() functions in arch/x86/kernel/kvmclock.c, within the kvm_guest_cpu_offline() function in arch/x86/kernel/kvm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Buffer overflow
EUVDB-ID: #VU89259
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47112
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Teardown PV features implementation in arch/x86/kernel/kvm.c. A local user can trigger memory corruption and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Buffer overflow
EUVDB-ID: #VU89257
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47114
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/ocfs2/file.c. A local user can trigger memory corruption and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Buffer overflow
EUVDB-ID: #VU93162
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47117
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ext4_split_extent_at() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Use-after-free
EUVDB-ID: #VU90225
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47118
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kernel_init_freeable() function in init/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Memory leak
EUVDB-ID: #VU90018
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47119
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_fill_super() and kfree() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Input validation error
EUVDB-ID: #VU90860
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the magicmouse_probe() function in drivers/hid/hid-magicmouse.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Out-of-bounds read
EUVDB-ID: #VU91402
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47138
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the clear_all_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper Initialization
EUVDB-ID: #VU91555
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47139
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hns3_client_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) NULL pointer dereference
EUVDB-ID: #VU90619
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47141
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_free_notify_blocks() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Use-after-free
EUVDB-ID: #VU90222
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47142
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_ttm_tt_unpopulate() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Memory leak
EUVDB-ID: #VU91652
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47144
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amdgpu_fbdev_destroy() function in drivers/gpu/drm/amd/amdgpu/amdgpu_fb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Improper error handling
EUVDB-ID: #VU92059
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47153
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the i801_check_post() function in drivers/i2c/busses/i2c-i801.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper error handling
EUVDB-ID: #VU90953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47161
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dspi_probe() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) NULL pointer dereference
EUVDB-ID: #VU90615
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47165
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the meson_probe_remote() function in drivers/gpu/drm/meson/meson_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Buffer overflow
EUVDB-ID: #VU93159
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47166
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfs_pageio_doio() and nfs_do_recoalesce() functions in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Input validation error
EUVDB-ID: #VU93691
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47167
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_pageio_do_add_request() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Buffer overflow
EUVDB-ID: #VU91205
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47168
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the filelayout_decode_layout() function in fs/nfs/filelayout/filelayout.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU90616
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47169
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the RP_ID(), rp2_remove_ports(), rp2_fw_cb(), rp2_probe() and rp2_remove() functions in drivers/tty/serial/rp2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Buffer overflow
EUVDB-ID: #VU93401
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47170
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the proc_bulk() and proc_do_submiturb() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Memory leak
EUVDB-ID: #VU90011
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Buffer overflow
EUVDB-ID: #VU93405
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47172
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ad7124_of_parse_channel_config() function in drivers/iio/adc/ad7124.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Memory leak
EUVDB-ID: #VU90013
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47173
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uss720_probe() function in drivers/usb/misc/uss720.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Information disclosure
EUVDB-ID: #VU91366
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47177
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the alloc_iommu() function in drivers/iommu/dmar.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) NULL pointer dereference
EUVDB-ID: #VU90617
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47179
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the _pnfs_return_layout() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Memory leak
EUVDB-ID: #VU90012
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47180
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL() function in net/nfc/nci/core.c, within the nci_core_conn_create() and nci_hci_allocate() functions in include/net/nfc/nci_core.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU92071
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47181
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) NULL pointer dereference
EUVDB-ID: #VU90586
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47183
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli_issue_abort_iotag() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Improper locking
EUVDB-ID: #VU91528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47185
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Race condition
EUVDB-ID: #VU93380
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47189
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the run_ordered_work() and normal_work_helper() functions in fs/btrfs/async-thread.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Use-after-free
EUVDB-ID: #VU61181
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-0487
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
81) Double Free
EUVDB-ID: #VU74053
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-4744
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Use-after-free
EUVDB-ID: #VU90261
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48626
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the moxart_remove() function in drivers/mmc/host/moxart-mmc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Improper locking
EUVDB-ID: #VU90810
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0160
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Use-after-free
EUVDB-ID: #VU81923
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-1192
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Information disclosure
EUVDB-ID: #VU87457
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28746
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Use-after-free
EUVDB-ID: #VU82758
Risk: Low
CVSSv3.1: 6.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-35827
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_remove in drivers/net/ethernet/renesas/ravb_main.c. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) NULL pointer dereference
EUVDB-ID: #VU89244
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52454
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Use-after-free
EUVDB-ID: #VU89235
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) NULL pointer dereference
EUVDB-ID: #VU92074
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Improper locking
EUVDB-ID: #VU92053
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52474
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the build_vnic_ulp_payload() function in drivers/infiniband/hw/hfi1/vnic_sdma.c, within the build_verbs_tx_desc() function in drivers/infiniband/hw/hfi1/verbs.c, within the user_sdma_send_pkts(), add_system_pages_to_sdma_packet(), hfi1_user_sdma_process_request(), user_sdma_txadd_ahg(), sdma_cache_evict(), user_sdma_txreq_cb(), pq_update(), user_sdma_free_request(), set_comp_state() and sdma_rb_remove() functions in drivers/infiniband/hw/hfi1/user_sdma.c, within the sdma_unmap_desc(), ext_coal_sdma_tx_descs() and _pad_sdma_tx_descs() functions in drivers/infiniband/hw/hfi1/sdma.c, within the hfi1_mmu_rb_insert(), hfi1_mmu_rb_get_first(), __mmu_rb_search() and hfi1_mmu_rb_evict() functions in drivers/infiniband/hw/hfi1/mmu_rb.c, within the hfi1_ipoib_build_ulp_payload() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Out-of-bounds read
EUVDB-ID: #VU88821
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52476
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the branch_type() and get_branch_type() functions in arch/x86/events/utils.c. A local user can trigger an out-of-bounds read error and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Use of uninitialized resource
EUVDB-ID: #VU89393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Memory leak
EUVDB-ID: #VU91657
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52500
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mpi_set_controller_config_resp() function in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU89255
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52509
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user can escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_close() function in drivers/net/ethernet/renesas/ravb_main.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Use-after-free
EUVDB-ID: #VU90239
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52572
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_wake_up_task(), __release_mid(), wait_for_response(), cifs_sync_mid_result(), cifs_compound_callback(), compound_send_recv(), SendReceive() and SendReceiveBlockingLock() functions in fs/smb/client/transport.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Improper locking
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Improper locking
EUVDB-ID: #VU91539
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52590
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_rename() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Improper locking
EUVDB-ID: #VU91538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) NULL pointer dereference
EUVDB-ID: #VU90841
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Stack-based buffer overflow
EUVDB-ID: #VU87901
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52628
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_exthdr_sctp_eval(), nft_exthdr_tcp_eval(), and nft_exthdr_ipv6_eval() functions. A local user can pass specially crafted data to the system, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) NULL pointer dereference
EUVDB-ID: #VU85854
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6356
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Race condition
EUVDB-ID: #VU85022
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6531
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition when the unix garbage collector's deletion of a SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) NULL pointer dereference
EUVDB-ID: #VU85853
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6535
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_execute_request() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) NULL pointer dereference
EUVDB-ID: #VU85852
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6536
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the __nvmet_req_complete() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) NULL pointer dereference
EUVDB-ID: #VU85422
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7042
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Memory leak
EUVDB-ID: #VU86248
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7192
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the ctnetlink_create_conntrack() function in net/netfilter/nf_conntrack_netlink.c. A local user with CAP_NET_ADMIN privileges can perform denial of service attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) NULL pointer dereference
EUVDB-ID: #VU87192
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22099
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) NULL pointer dereference
EUVDB-ID: #VU89249
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Resource management error
EUVDB-ID: #VU91320
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26614
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Double free
EUVDB-ID: #VU90929
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Live Patching: 15-SP2
SUSE Linux Enterprise Server 15 SP2 Business Critical Linux: 15-SP2
SUSE Linux Enterprise High Availability Extension 15: SP2
SUSE Linux Enterprise Server for SAP Applications 15: SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15: SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15: SP2
SUSE Manager Server: 4.1
SUSE Manager Retail Branch Server: 4.1
SUSE Manager Proxy: 4.1
reiserfs-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
reiserfs-kmp-default: before 5.3.18-150200.24.188.1
kernel-docs: before 5.3.18-150200.24.188.1
kernel-source: before 5.3.18-150200.24.188.1
kernel-devel: before 5.3.18-150200.24.188.1
kernel-macros: before 5.3.18-150200.24.188.1
kernel-default-base: before 5.3.18-150200.24.188.1.150200.9.95.3
kernel-preempt-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-devel: before 5.3.18-150200.24.188.1
kernel-obs-build: before 5.3.18-150200.24.188.1
kernel-default-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-obs-build-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel: before 5.3.18-150200.24.188.1
kernel-syms: before 5.3.18-150200.24.188.1
kernel-preempt-debugsource: before 5.3.18-150200.24.188.1
kernel-preempt-devel-debuginfo: before 5.3.18-150200.24.188.1
kernel-preempt: before 5.3.18-150200.24.188.1
cluster-md-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
dlm-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
gfs2-kmp-default-debuginfo: before 5.3.18-150200.24.188.1
cluster-md-kmp-default: before 5.3.18-150200.24.188.1
ocfs2-kmp-default: before 5.3.18-150200.24.188.1
gfs2-kmp-default: before 5.3.18-150200.24.188.1
kernel-default-debugsource: before 5.3.18-150200.24.188.1
kernel-livepatch-5_3_18-150200_24_188-default-debuginfo: before 1-150200.5.3.3
kernel-livepatch-SLE15-SP2_Update_47-debugsource: before 1-150200.5.3.3
kernel-livepatch-5_3_18-150200_24_188-default: before 1-150200.5.3.3
kernel-default-livepatch: before 5.3.18-150200.24.188.1
kernel-default-debuginfo: before 5.3.18-150200.24.188.1
kernel-default-livepatch-devel: before 5.3.18-150200.24.188.1
kernel-default: before 5.3.18-150200.24.188.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241454-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
