SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 179 |
| CVE-ID | CVE-2021-46933 CVE-2021-47074 CVE-2021-47162 CVE-2021-47171 CVE-2021-47188 CVE-2021-47206 CVE-2021-47220 CVE-2021-47229 CVE-2021-47231 CVE-2021-47235 CVE-2021-47236 CVE-2021-47237 CVE-2021-47238 CVE-2021-47239 CVE-2021-47245 CVE-2021-47246 CVE-2021-47248 CVE-2021-47249 CVE-2021-47250 CVE-2021-47252 CVE-2021-47254 CVE-2021-47258 CVE-2021-47260 CVE-2021-47261 CVE-2021-47265 CVE-2021-47269 CVE-2021-47274 CVE-2021-47276 CVE-2021-47277 CVE-2021-47280 CVE-2021-47281 CVE-2021-47284 CVE-2021-47288 CVE-2021-47301 CVE-2021-47302 CVE-2021-47305 CVE-2021-47307 CVE-2021-47308 CVE-2021-47310 CVE-2021-47311 CVE-2021-47314 CVE-2021-47315 CVE-2021-47319 CVE-2021-47320 CVE-2021-47321 CVE-2021-47323 CVE-2021-47324 CVE-2021-47330 CVE-2021-47334 CVE-2021-47337 CVE-2021-47343 CVE-2021-47344 CVE-2021-47345 CVE-2021-47347 CVE-2021-47352 CVE-2021-47353 CVE-2021-47355 CVE-2021-47356 CVE-2021-47357 CVE-2021-47361 CVE-2021-47362 CVE-2021-47369 CVE-2021-47375 CVE-2021-47378 CVE-2021-47382 CVE-2021-47383 CVE-2021-47391 CVE-2021-47397 CVE-2021-47400 CVE-2021-47401 CVE-2021-47404 CVE-2021-47409 CVE-2021-47416 CVE-2021-47423 CVE-2021-47424 CVE-2021-47431 CVE-2021-47435 CVE-2021-47436 CVE-2021-47456 CVE-2021-47458 CVE-2021-47460 CVE-2021-47469 CVE-2021-47472 CVE-2021-47473 CVE-2021-47478 CVE-2021-47480 CVE-2021-47483 CVE-2021-47485 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47500 CVE-2021-47506 CVE-2021-47509 CVE-2021-47511 CVE-2021-47523 CVE-2021-47541 CVE-2021-47548 CVE-2021-47565 CVE-2022-48686 CVE-2022-48697 CVE-2022-48704 CVE-2022-48708 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-42755 CVE-2023-47233 CVE-2023-52527 CVE-2023-52586 CVE-2023-52591 CVE-2023-52655 CVE-2023-52664 CVE-2023-52685 CVE-2023-52686 CVE-2023-52691 CVE-2023-52696 CVE-2023-52698 CVE-2023-52703 CVE-2023-52730 CVE-2023-52732 CVE-2023-52741 CVE-2023-52742 CVE-2023-52747 CVE-2023-52759 CVE-2023-52774 CVE-2023-52781 CVE-2023-52796 CVE-2023-52803 CVE-2023-52821 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52875 CVE-2023-52880 CVE-2024-26625 CVE-2024-26752 CVE-2024-26775 CVE-2024-26828 CVE-2024-26846 CVE-2024-26874 CVE-2024-26900 CVE-2024-26915 CVE-2024-26920 CVE-2024-26921 CVE-2024-26934 CVE-2024-26957 CVE-2024-26958 CVE-2024-26984 CVE-2024-26996 CVE-2024-27059 CVE-2024-27062 CVE-2024-27396 CVE-2024-27398 CVE-2024-27401 CVE-2024-27419 CVE-2024-27436 CVE-2024-35789 CVE-2024-35791 CVE-2024-35809 CVE-2024-35811 CVE-2024-35830 CVE-2024-35849 CVE-2024-35877 CVE-2024-35878 CVE-2024-35887 CVE-2024-35895 CVE-2024-35914 CVE-2024-35932 CVE-2024-35935 CVE-2024-35936 CVE-2024-35944 CVE-2024-35955 CVE-2024-35969 CVE-2024-35982 CVE-2024-35984 CVE-2024-36015 CVE-2024-36029 CVE-2024-36954 |
| CWE-ID | CWE-416 CWE-401 CWE-399 CWE-476 CWE-125 CWE-200 CWE-362 CWE-388 CWE-665 CWE-20 CWE-119 CWE-908 CWE-667 CWE-415 CWE-617 CWE-682 CWE-264 CWE-191 CWE-369 CWE-366 CWE-787 CWE-835 CWE-252 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #106 is available. |
| Vulnerable software Subscribe |
SUSE Linux Enterprise Server for SAP Applications 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system kernel-source-azure Operating systems & Components / Operating system package or component kernel-devel-azure Operating systems & Components / Operating system package or component kernel-azure-debugsource Operating systems & Components / Operating system package or component kernel-azure-base-debuginfo Operating systems & Components / Operating system package or component kernel-azure-devel Operating systems & Components / Operating system package or component kernel-azure-debuginfo Operating systems & Components / Operating system package or component kernel-syms-azure Operating systems & Components / Operating system package or component kernel-azure-base Operating systems & Components / Operating system package or component kernel-azure Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 179 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU90259
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46933
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ffs_data_clear() and ffs_data_reset() functions in drivers/usb/gadget/function/f_fs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU90027
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nvme_loop_create_ctrl() function in drivers/nvme/target/loop.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free
EUVDB-ID: #VU91064
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47162
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Memory leak
EUVDB-ID: #VU90011
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU93843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47188
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU92072
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47206
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) NULL pointer dereference
EUVDB-ID: #VU90462
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47220
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_remove() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU93455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47229
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the advk_pcie_wait_pio(), advk_pcie_rd_conf() and advk_pcie_wr_conf() functions in drivers/pci/host/pci-aardvark.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU89946
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47231
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU90089
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47235
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ec_bhf_remove() function in drivers/net/ethernet/ec_bhf.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory leak
EUVDB-ID: #VU91632
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47236
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory leak
EUVDB-ID: #VU89947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47237
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mkiss_close() function in drivers/net/hamradio/mkiss.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU89948
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47238
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ip_mc_destroy_dev() function in net/ipv4/igmp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory leak
EUVDB-ID: #VU89949
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47239
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() and smsc75xx_unbind() functions in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU91088
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47245
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the synproxy_parse_options() function in net/netfilter/nf_synproxy_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Information disclosure
EUVDB-ID: #VU91342
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47246
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the mlx5_hairpin_unpair_peer_sq(), mlx5_hairpin_unpair_queues() and mlx5_core_hairpin_destroy() functions in drivers/net/ethernet/mellanox/mlx5/core/transobj.c, within the mlx5e_tc_hairpin_update_dead_peer() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Race condition
EUVDB-ID: #VU91467
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47248
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the udpv6_destroy_sock() function in net/ipv6/udp.c, within the udp_destroy_sock() and udp_abort() functions in net/ipv4/udp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Memory leak
EUVDB-ID: #VU89950
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47249
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the rds_recvmsg() function in net/rds/recv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory leak
EUVDB-ID: #VU89951
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47250
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cipso_v4_doi_free() function in net/ipv4/cipso_ipv4.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Resource management error
EUVDB-ID: #VU93253
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47252
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the batadv_iv_ogm_emit() function in net/batman-adv/bat_iv_ogm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free
EUVDB-ID: #VU90086
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47254
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __acquires() and gfs2_scan_glock_lru() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Improper error handling
EUVDB-ID: #VU90937
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47258
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the scsi_host_alloc() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) NULL pointer dereference
EUVDB-ID: #VU91230
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47260
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfs_get_client() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper Initialization
EUVDB-ID: #VU93607
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47261
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the destroy_cq_user(), create_cq_kernel() and resize_kernel() functions in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU93174
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47265
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the mlx5_ib_create_flow() function in drivers/infiniband/hw/mlx5/fs.c, within the mlx4_ib_create_flow() function in drivers/infiniband/hw/mlx4/main.c, within the ib_uverbs_ex_create_flow() function in drivers/infiniband/core/uverbs_cmd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU90477
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47269
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc3_wIndex_to_dep() function in drivers/usb/dwc3/ep0.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Out-of-bounds read
EUVDB-ID: #VU90294
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47274
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the trace_event_buffer_lock_reserve() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU93664
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47276
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ftrace_hash_ipmodify_update() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Out-of-bounds read
EUVDB-ID: #VU90296
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47277
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the include/linux/kvm_host.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Use-after-free
EUVDB-ID: #VU90094
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_getunique() function in drivers/gpu/drm/drm_ioctl.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Use-after-free
EUVDB-ID: #VU90095
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47281
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the snd_seq_timer_open() function in sound/core/seq/seq_timer.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Improper Initialization
EUVDB-ID: #VU91550
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47284
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the nj_probe() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU90297
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47288
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ngene_command_config_free_buf() function in drivers/media/pci/ngene/ngene-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use-after-free
EUVDB-ID: #VU90098
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47301
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Use-after-free
EUVDB-ID: #VU90099
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47302
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the igc_clean_tx_ring() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Information disclosure
EUVDB-ID: #VU91340
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47305
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sync_file_merge() function in drivers/dma-buf/sync_file.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL pointer dereference
EUVDB-ID: #VU91231
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47307
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cifs_compose_mount_options() function in fs/cifs/cifs_dfs_ref.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Out-of-bounds read
EUVDB-ID: #VU91090
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47308
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fc_rport_prli_resp() function in drivers/scsi/libfc/fc_rport.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU90102
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47310
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tlan_remove_one() function in drivers/net/ethernet/ti/tlan.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use-after-free
EUVDB-ID: #VU90103
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47311
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the emac_remove() function in drivers/net/ethernet/qualcomm/emac/emac.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Information disclosure
EUVDB-ID: #VU91334
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47314
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_remove() and fsl_ifc_ctrl_probe() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Information disclosure
EUVDB-ID: #VU91335
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47315
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_probe() and free_irq() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Memory leak
EUVDB-ID: #VU89958
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47319
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtblk_freeze() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Memory leak
EUVDB-ID: #VU89959
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47320
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nfs3_proc_create() and nfs3_proc_mknod() functions in fs/nfs/nfs3proc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Use-after-free
EUVDB-ID: #VU90105
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47321
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/w83877f_wdt.c, within the lpc18xx_wdt_remove() function in drivers/watchdog/lpc18xx_wdt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Use-after-free
EUVDB-ID: #VU90101
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47323
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sc520_wdt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Use-after-free
EUVDB-ID: #VU90118
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47324
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sbc60xxwdt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Memory leak
EUVDB-ID: #VU89960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47330
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the serial_resume() and serial_probe() functions in drivers/tty/serial/8250/serial_cs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use-after-free
EUVDB-ID: #VU90119
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47334
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ibmasm_init_one() function in drivers/misc/ibmasm/module.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) NULL pointer dereference
EUVDB-ID: #VU90496
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47337
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the scsi_host_alloc() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use of uninitialized resource
EUVDB-ID: #VU90871
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47343
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the dm_btree_remove() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Memory leak
EUVDB-ID: #VU89962
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47344
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the zr364xx_start_readpipe() function in drivers/media/usb/zr364xx/zr364xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Memory leak
EUVDB-ID: #VU89963
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47345
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the cma_resolve_ib_route() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Buffer overflow
EUVDB-ID: #VU91309
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47347
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the wl1251_cmd_scan() function in drivers/net/wireless/ti/wl1251/cmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Buffer overflow
EUVDB-ID: #VU93170
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47352
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the receive_small(), rcu_read_unlock() and receive_mergeable() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) NULL pointer dereference
EUVDB-ID: #VU90500
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47353
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the udf_symlink() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Use-after-free
EUVDB-ID: #VU90133
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47355
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nicstar_cleanup() function in drivers/atm/nicstar.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Use-after-free
EUVDB-ID: #VU90134
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47356
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Use-after-free
EUVDB-ID: #VU90135
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47357
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ia_module_exit() function in drivers/atm/iphase.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper error handling
EUVDB-ID: #VU90939
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47361
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mcb_alloc_bus() function in drivers/mcb/mcb-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU90498
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47362
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the si_dpm_enable() function in drivers/gpu/drm/amd/pm/powerplay/si_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) NULL pointer dereference
EUVDB-ID: #VU91457
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47369
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qeth_clear_working_pool_list() function in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU90138
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47375
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the blk_trace_remove_queue() function in kernel/trace/blktrace.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Use-after-free
EUVDB-ID: #VU91058
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47378
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_rdma_free_queue(), nvme_rdma_conn_established(), nvme_rdma_route_resolved() and nvme_rdma_cm_handler() functions in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Improper locking
EUVDB-ID: #VU90741
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47382
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qeth_do_reset() function in drivers/s390/net/qeth_core_main.c, within the EXPORT_SYMBOL(), ccwgroup_set_offline() and ccwgroup_online_store() functions in drivers/s390/cio/ccwgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Out-of-bounds read
EUVDB-ID: #VU91390
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47383
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the vc_do_resize() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Use-after-free
EUVDB-ID: #VU90141
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47391
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cma_cancel_operation() and rdma_resolve_addr() functions in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) NULL pointer dereference
EUVDB-ID: #VU92066
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47397
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sctp_rcv_ootb() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Resource management error
EUVDB-ID: #VU93185
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47400
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the hns3_nic_net_open() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Memory leak
EUVDB-ID: #VU91624
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47401
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipoctal_inst_slot() and __ipoctal_remove() functions in drivers/ipack/devices/ipoctal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Out-of-bounds read
EUVDB-ID: #VU90298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47404
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the betopff_init() function in drivers/hid/hid-betopff.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) NULL pointer dereference
EUVDB-ID: #VU92067
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47409
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dwc2_hcd_init() function in drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Memory leak
EUVDB-ID: #VU89967
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47416
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Memory leak
EUVDB-ID: #VU89971
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47423
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the drivers/gpu/drm/nouveau/nouveau_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use of uninitialized resource
EUVDB-ID: #VU90976
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47424
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the i40e_clear_interrupt_scheme() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Information disclosure
EUVDB-ID: #VU91339
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47431
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the gmc_v9_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c, within the gmc_v10_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) NULL pointer dereference
EUVDB-ID: #VU90405
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47435
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the start_io_acct() and dec_pending() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) NULL pointer dereference
EUVDB-ID: #VU90404
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47436
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dsps_probe() function in drivers/usb/musb/musb_dsps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Use-after-free
EUVDB-ID: #VU90060
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47456
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the peak_pci_remove() function in drivers/net/can/sja1000/peak_pci.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Buffer overflow
EUVDB-ID: #VU91306
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47458
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the ocfs2_initialize_super() function in fs/ocfs2/super.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Buffer overflow
EUVDB-ID: #VU93141
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47460
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Improper locking
EUVDB-ID: #VU90737
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47469
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the LIST_HEAD(), spi_add_device(), spi_add_device_locked(), spi_register_controller() and spi_unregister_controller() functions in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Memory leak
EUVDB-ID: #VU89940
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47472
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Memory leak
EUVDB-ID: #VU89941
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47473
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak in drivers/scsi/qla2xxx/qla_bsg.c. A local user can crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Out-of-bounds read
EUVDB-ID: #VU91081
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47478
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the isofs_read_inode() function in fs/isofs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Resource management error
EUVDB-ID: #VU93589
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47480
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the scsi_device_dev_release_usercontext() function in drivers/scsi/scsi_sysfs.c, within the EXPORT_SYMBOL() function in drivers/scsi/scsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Double free
EUVDB-ID: #VU90920
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47483
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the regcache_rbtree_insert_to_block() function in drivers/base/regmap/regcache-rbtree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Buffer overflow
EUVDB-ID: #VU91305
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47485
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the qib_user_sdma_num_pages(), qib_user_sdma_free_pkt_frag(), qib_user_sdma_pin_pkt() and qib_user_sdma_queue_pkts() functions in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Input validation error
EUVDB-ID: #VU90852
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47495
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Buffer overflow
EUVDB-ID: #VU91197
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47496
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tls_err_abort(), tls_tx_records(), tls_push_record(), tls_sw_recvmsg() and tls_sw_splice_read() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Out-of-bounds read
EUVDB-ID: #VU90276
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47497
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nvmem_shift_read_buffer_in_place() function in drivers/nvmem/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Use-after-free
EUVDB-ID: #VU90050
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47500
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mma8452_trigger_setup() function in drivers/iio/accel/mma8452.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU90052
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47506
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hash_delegation_locked(), unhash_delegation_locked() and nfsd4_cb_recall_prepare() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Buffer overflow
EUVDB-ID: #VU93398
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47509
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the snd_pcm_oss_set_fragment1() function in sound/core/oss/pcm_oss.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Buffer overflow
EUVDB-ID: #VU92005
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47511
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the snd_pcm_hw_param_value_min() and snd_pcm_oss_period_size() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Information disclosure
EUVDB-ID: #VU91327
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47523
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the hfi1_init(), hfi1_free_devdata(), hfi1_alloc_devdata() and cleanup_device_data() functions in drivers/infiniband/hw/hfi1/init.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use-after-free
EUVDB-ID: #VU90055
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47541
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mlx4_en_try_alloc_resources() function in drivers/net/ethernet/mellanox/mlx4/en_netdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Buffer overflow
EUVDB-ID: #VU92060
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47548
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hns_dsaf_ge_srst_by_port() function in drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Resource management error
EUVDB-ID: #VU93588
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47565
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the _scsih_ublock_io_device() function in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Use-after-free
EUVDB-ID: #VU90175
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48686
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Use-after-free
EUVDB-ID: #VU90172
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48697
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Improper locking
EUVDB-ID: #VU91520
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48704
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_suspend_kms() function in drivers/gpu/drm/radeon/radeon_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) NULL pointer dereference
EUVDB-ID: #VU91227
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48708
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pcs_set_mux() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) NULL pointer dereference
EUVDB-ID: #VU90411
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48710
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_fp_native_mode() function in drivers/gpu/drm/radeon/radeon_connectors.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Improper locking
EUVDB-ID: #VU90810
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0160
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Use-after-free
EUVDB-ID: #VU75448
Risk: Low
CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2023-1829
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
107) Out-of-bounds read
EUVDB-ID: #VU82305
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-42755
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the the IPv4 Resource Reservation Protocol (RSVP) classifier function in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the Linux kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Use-after-free
EUVDB-ID: #VU82755
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-47233
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Buffer overflow
EUVDB-ID: #VU93245
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52527
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) Race condition
EUVDB-ID: #VU91486
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52586
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the dpu_encoder_phys_vid_control_vblank_irq(), dpu_encoder_phys_vid_irq_control() and dpu_encoder_phys_vid_init() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c, within the dpu_encoder_phys_cmd_control_vblank_irq(), dpu_encoder_phys_cmd_irq_control() and dpu_encoder_phys_cmd_init() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c, within the dpu_encoder_phys_init() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Improper locking
EUVDB-ID: #VU91538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Buffer overflow
EUVDB-ID: #VU93242
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52655
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the aqc111_rx_fixup() function in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Double free
EUVDB-ID: #VU90893
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52664
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the aq_vec_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_vec.c, within the aq_get_rxpages(), aq_ring_alloc(), aq_ring_rx_alloc() and aq_ring_hwts_rx_alloc() functions in drivers/net/ethernet/aquantia/atlantic/aq_ring.c, within the aq_ptp_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Buffer overflow
EUVDB-ID: #VU91437
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52685
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the persistent_ram_init_ecc() function in fs/pstore/ram_core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) NULL pointer dereference
EUVDB-ID: #VU90548
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52686
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Double free
EUVDB-ID: #VU90921
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52691
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU90550
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52696
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the opal_powercap_init() function in arch/powerpc/platforms/powernv/opal-powercap.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Memory leak
EUVDB-ID: #VU89982
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52698
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the netlbl_calipso_ops_register(), netlbl_calipso_add_pass() and netlbl_calipso_genl_init() functions in net/netlabel/netlabel_calipso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Use of uninitialized resource
EUVDB-ID: #VU91676
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52703
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the kalmia_send_init_packet() function in drivers/net/usb/kalmia.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Information disclosure
EUVDB-ID: #VU91333
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52730
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Improper locking
EUVDB-ID: #VU91507
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52732
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_update_snap_trace() and ceph_handle_snap() functions in fs/ceph/snap.c, within the register_session(), __open_session(), __do_request(), handle_reply(), ceph_mdsc_put_request(), done_closing_sessions() and mds_peer_reset() functions in fs/ceph/mds_client.c, within the ceph_zero_partial_object() function in fs/ceph/file.c, within the ceph_handle_caps() and iput() functions in fs/ceph/caps.c, within the ceph_netfs_issue_read(), writepage_nounlock() and ceph_uninline_data() functions in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Use-after-free
EUVDB-ID: #VU90065
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52741
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the uncached_fill_pages() and readpages_fill_pages() functions in fs/cifs/file.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Resource management error
EUVDB-ID: #VU93466
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52742
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the pl_vendor_req() function in drivers/net/usb/plusb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Information disclosure
EUVDB-ID: #VU91332
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52747
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the user_exp_rcv_setup() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Reachable Assertion
EUVDB-ID: #VU90905
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52759
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the qd_check_sync() function in fs/gfs2/quota.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Improper locking
EUVDB-ID: #VU91504
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52774
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Incorrect calculation
EUVDB-ID: #VU93611
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52781
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the usb_get_bos_descriptor() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Improper locking
EUVDB-ID: #VU91506
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52796
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use-after-free
EUVDB-ID: #VU90079
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52803
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) NULL pointer dereference
EUVDB-ID: #VU90430
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52821
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the versatile_panel_get_modes() function in drivers/gpu/drm/panel/panel-arm-versatile.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Buffer overflow
EUVDB-ID: #VU91198
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52864
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) NULL pointer dereference
EUVDB-ID: #VU90425
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52865
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early() and mtk_infrasys_init() functions in drivers/clk/mediatek/clk-mt6797.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Buffer overflow
EUVDB-ID: #VU91308
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52867
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) NULL pointer dereference
EUVDB-ID: #VU90424
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52875
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt2701.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU89899
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52880
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Use-after-free
EUVDB-ID: #VU87344
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26625
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Incorrect calculation
EUVDB-ID: #VU89392
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26752
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Improper locking
EUVDB-ID: #VU90786
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26775
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the aoeblk_gdalloc() function in drivers/block/aoe/aoeblk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Integer underflow
EUVDB-ID: #VU91674
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26828
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Double free
EUVDB-ID: #VU90896
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26846
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the LIST_HEAD(), nvme_fc_free_lport(), nvme_fc_init_module(), device_destroy() and nvme_fc_delete_controllers() functions in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) NULL pointer dereference
EUVDB-ID: #VU90575
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26874
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Memory leak
EUVDB-ID: #VU90468
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26900
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Buffer overflow
EUVDB-ID: #VU91311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26915
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vega20_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega20_ih.c, within the vega10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega10_ih.c, within the tonga_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/tonga_ih.c, within the si_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/si_ih.c, within the navi10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/navi10_ih.c, within the iceland_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/iceland_ih.c, within the cz_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cz_ih.c, within the cik_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cik_ih.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Buffer overflow
EUVDB-ID: #VU93805
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Integer underflow
EUVDB-ID: #VU91672
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26921
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Improper locking
EUVDB-ID: #VU90776
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26934
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Use-after-free
EUVDB-ID: #VU91062
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26957
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Use-after-free
EUVDB-ID: #VU90183
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) NULL pointer dereference
EUVDB-ID: #VU90557
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Use-after-free
EUVDB-ID: #VU90184
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26996
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Division by zero
EUVDB-ID: #VU91374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27059
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Race condition
EUVDB-ID: #VU91471
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27062
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nvkm_object_search() and nvkm_object_remove() functions in drivers/gpu/drm/nouveau/nvkm/core/object.c, within the nvkm_client_new() function in drivers/gpu/drm/nouveau/nvkm/core/client.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Use-after-free
EUVDB-ID: #VU90168
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27396
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Use-after-free
EUVDB-ID: #VU89672
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27398
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Buffer overflow
EUVDB-ID: #VU89675
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27401
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Race condition within a thread
EUVDB-ID: #VU91429
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27419
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Out-of-bounds write
EUVDB-ID: #VU93594
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27436
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Use-after-free
EUVDB-ID: #VU90167
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35789
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Use-after-free
EUVDB-ID: #VU90165
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35791
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Improper error handling
EUVDB-ID: #VU90947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35809
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Use-after-free
EUVDB-ID: #VU90164
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35811
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Resource management error
EUVDB-ID: #VU93591
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35830
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Information disclosure
EUVDB-ID: #VU91345
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35849
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Memory leak
EUVDB-ID: #VU91638
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35877
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) NULL pointer dereference
EUVDB-ID: #VU90508
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Use-after-free
EUVDB-ID: #VU90159
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35887
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Improper locking
EUVDB-ID: #VU90752
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35895
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Improper locking
EUVDB-ID: #VU90753
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35914
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lock_rename() and unlock_rename() functions in fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Use-after-free
EUVDB-ID: #VU90146
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35932
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vc4_prepare_fb() and vc4_cleanup_fb() functions in drivers/gpu/drm/vc4/vc4_plane.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Improper error handling
EUVDB-ID: #VU90944
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35935
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Improper error handling
EUVDB-ID: #VU90942
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35936
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Resource management error
EUVDB-ID: #VU93839
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35944
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Use-after-free
EUVDB-ID: #VU90145
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35955
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Use-after-free
EUVDB-ID: #VU90143
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35969
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Infinite loop
EUVDB-ID: #VU91411
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35982
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) NULL pointer dereference
EUVDB-ID: #VU91458
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-35984
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Unchecked Return Value
EUVDB-ID: #VU89896
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36015
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Resource management error
EUVDB-ID: #VU92981
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36029
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the sdhci_msm_runtime_suspend() and sdhci_msm_runtime_resume() functions in drivers/mmc/host/sdhci-msm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Memory leak
EUVDB-ID: #VU90431
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-36954
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-source-azure: before 4.12.14-16.188.1
kernel-devel-azure: before 4.12.14-16.188.1
kernel-azure-debugsource: before 4.12.14-16.188.1
kernel-azure-base-debuginfo: before 4.12.14-16.188.1
kernel-azure-devel: before 4.12.14-16.188.1
kernel-azure-debuginfo: before 4.12.14-16.188.1
kernel-syms-azure: before 4.12.14-16.188.1
kernel-azure-base: before 4.12.14-16.188.1
kernel-azure: before 4.12.14-16.188.1
CPE2.3- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_12:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_12:SP5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241979-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
