SUSE update for the Linux Kernel



Risk Medium
Patch available YES
Number of vulnerabilities 198
CVE-ID CVE-2021-46933
CVE-2021-46955
CVE-2021-47074
CVE-2021-47113
CVE-2021-47131
CVE-2021-47162
CVE-2021-47171
CVE-2021-47188
CVE-2021-47206
CVE-2021-47220
CVE-2021-47229
CVE-2021-47231
CVE-2021-47235
CVE-2021-47236
CVE-2021-47237
CVE-2021-47238
CVE-2021-47239
CVE-2021-47245
CVE-2021-47246
CVE-2021-47248
CVE-2021-47249
CVE-2021-47250
CVE-2021-47252
CVE-2021-47254
CVE-2021-47258
CVE-2021-47260
CVE-2021-47261
CVE-2021-47265
CVE-2021-47269
CVE-2021-47274
CVE-2021-47276
CVE-2021-47277
CVE-2021-47280
CVE-2021-47281
CVE-2021-47284
CVE-2021-47288
CVE-2021-47301
CVE-2021-47302
CVE-2021-47305
CVE-2021-47307
CVE-2021-47308
CVE-2021-47310
CVE-2021-47311
CVE-2021-47314
CVE-2021-47315
CVE-2021-47319
CVE-2021-47320
CVE-2021-47321
CVE-2021-47323
CVE-2021-47324
CVE-2021-47330
CVE-2021-47334
CVE-2021-47337
CVE-2021-47343
CVE-2021-47344
CVE-2021-47345
CVE-2021-47347
CVE-2021-47352
CVE-2021-47353
CVE-2021-47355
CVE-2021-47356
CVE-2021-47357
CVE-2021-47361
CVE-2021-47362
CVE-2021-47369
CVE-2021-47375
CVE-2021-47378
CVE-2021-47382
CVE-2021-47383
CVE-2021-47391
CVE-2021-47397
CVE-2021-47400
CVE-2021-47401
CVE-2021-47404
CVE-2021-47409
CVE-2021-47416
CVE-2021-47423
CVE-2021-47424
CVE-2021-47431
CVE-2021-47435
CVE-2021-47436
CVE-2021-47456
CVE-2021-47458
CVE-2021-47460
CVE-2021-47469
CVE-2021-47472
CVE-2021-47473
CVE-2021-47478
CVE-2021-47480
CVE-2021-47483
CVE-2021-47485
CVE-2021-47495
CVE-2021-47496
CVE-2021-47497
CVE-2021-47500
CVE-2021-47506
CVE-2021-47509
CVE-2021-47511
CVE-2021-47523
CVE-2021-47541
CVE-2021-47548
CVE-2021-47565
CVE-2022-48636
CVE-2022-48650
CVE-2022-48672
CVE-2022-48686
CVE-2022-48697
CVE-2022-48702
CVE-2022-48704
CVE-2022-48708
CVE-2022-48710
CVE-2023-0160
CVE-2023-1829
CVE-2023-42755
CVE-2023-47233
CVE-2023-52527
CVE-2023-52586
CVE-2023-52591
CVE-2023-52646
CVE-2023-52653
CVE-2023-52655
CVE-2023-52664
CVE-2023-52685
CVE-2023-52686
CVE-2023-52691
CVE-2023-52696
CVE-2023-52698
CVE-2023-52703
CVE-2023-52730
CVE-2023-52732
CVE-2023-52741
CVE-2023-52742
CVE-2023-52747
CVE-2023-52759
CVE-2023-52774
CVE-2023-52781
CVE-2023-52796
CVE-2023-52803
CVE-2023-52821
CVE-2023-52864
CVE-2023-52865
CVE-2023-52867
CVE-2023-52875
CVE-2023-52880
CVE-2024-0639
CVE-2024-26625
CVE-2024-26739
CVE-2024-26752
CVE-2024-26775
CVE-2024-26791
CVE-2024-26828
CVE-2024-26846
CVE-2024-26874
CVE-2024-26876
CVE-2024-26900
CVE-2024-26915
CVE-2024-26920
CVE-2024-26921
CVE-2024-26929
CVE-2024-26930
CVE-2024-26931
CVE-2024-26934
CVE-2024-26957
CVE-2024-26958
CVE-2024-26984
CVE-2024-26996
CVE-2024-27008
CVE-2024-27054
CVE-2024-27059
CVE-2024-27062
CVE-2024-27388
CVE-2024-27396
CVE-2024-27398
CVE-2024-27401
CVE-2024-27419
CVE-2024-27436
CVE-2024-35789
CVE-2024-35791
CVE-2024-35809
CVE-2024-35811
CVE-2024-35830
CVE-2024-35849
CVE-2024-35877
CVE-2024-35878
CVE-2024-35887
CVE-2024-35895
CVE-2024-35914
CVE-2024-35932
CVE-2024-35935
CVE-2024-35936
CVE-2024-35944
CVE-2024-35955
CVE-2024-35969
CVE-2024-35982
CVE-2024-35984
CVE-2024-36015
CVE-2024-36029
CVE-2024-36954
CWE-ID CWE-416
CWE-125
CWE-401
CWE-399
CWE-476
CWE-200
CWE-362
CWE-388
CWE-665
CWE-20
CWE-119
CWE-908
CWE-667
CWE-415
CWE-193
CWE-617
CWE-682
CWE-264
CWE-191
CWE-369
CWE-366
CWE-787
CWE-835
CWE-252
Exploitation vector Network
Public exploit Public exploit code for vulnerability #113 is available.
Vulnerable software
SUSE Linux Enterprise Real Time 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

kernel-rt_debug
Operating systems & Components / Operating system package or component

kernel-rt
Operating systems & Components / Operating system package or component

kernel-source-rt
Operating systems & Components / Operating system package or component

kernel-devel-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug-devel
Operating systems & Components / Operating system package or component

kernel-rt_debug-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-rt
Operating systems & Components / Operating system package or component

ocfs2-kmp-rt
Operating systems & Components / Operating system package or component

kernel-rt-base-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-base
Operating systems & Components / Operating system package or component

kernel-rt-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-rt
Operating systems & Components / Operating system package or component

ocfs2-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-syms-rt
Operating systems & Components / Operating system package or component

kernel-rt_debug-devel-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-rt
Operating systems & Components / Operating system package or component

dlm-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

kernel-rt_debug-debugsource
Operating systems & Components / Operating system package or component

kernel-rt-debugsource
Operating systems & Components / Operating system package or component

kernel-rt-devel
Operating systems & Components / Operating system package or component

gfs2-kmp-rt-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 198 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU90259

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46933

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ffs_data_clear() and ffs_data_reset() functions in drivers/usb/gadget/function/f_fs.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU88889

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-46955

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the ovs_fragment() function in net/openvswitch/actions.c when running openvswitch on kernels built with KASAN. A remote attacker can send specially crafted IPv4 packets to the system, trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory leak

EUVDB-ID: #VU90027

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47074

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nvme_loop_create_ctrl() function in drivers/nvme/target/loop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Resource management error

EUVDB-ID: #VU89258

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47113

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the btrfs_rename_exchange() function in fs/btrfs/inode.c. A local user can corrupt the filesystem and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU90223

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47131

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tls_ctx_create() function in net/tls/tls_main.c, within the tls_validate_xmit_skb() function in net/tls/tls_device_fallback.c, within the tls_device_gc_task(), tls_device_rx_resync_new_rec(), tls_device_decrypted() and tls_device_down() functions in net/tls/tls_device.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU91064

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47162

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Memory leak

EUVDB-ID: #VU90011

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47171

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU93843

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47188

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) NULL pointer dereference

EUVDB-ID: #VU92072

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47206

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) NULL pointer dereference

EUVDB-ID: #VU90462

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47220

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_remove() function in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource management error

EUVDB-ID: #VU93455

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47229

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the advk_pcie_wait_pio(), advk_pcie_rd_conf() and advk_pcie_wr_conf() functions in drivers/pci/host/pci-aardvark.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU89946

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47231

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mcba_usb_start() and mcba_usb_open() functions in drivers/net/can/usb/mcba_usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Use-after-free

EUVDB-ID: #VU90089

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47235

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ec_bhf_remove() function in drivers/net/ethernet/ec_bhf.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory leak

EUVDB-ID: #VU91632

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47236

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the eem_tx_fixup() function in drivers/net/usb/cdc_eem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU89947

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47237

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the mkiss_close() function in drivers/net/hamradio/mkiss.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Memory leak

EUVDB-ID: #VU89948

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47238

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ip_mc_destroy_dev() function in net/ipv4/igmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU89949

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47239

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the smsc75xx_bind() and smsc75xx_unbind() functions in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Out-of-bounds read

EUVDB-ID: #VU91088

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47245

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the synproxy_parse_options() function in net/netfilter/nf_synproxy_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Information disclosure

EUVDB-ID: #VU91342

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47246

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the mlx5_hairpin_unpair_peer_sq(), mlx5_hairpin_unpair_queues() and mlx5_core_hairpin_destroy() functions in drivers/net/ethernet/mellanox/mlx5/core/transobj.c, within the mlx5e_tc_hairpin_update_dead_peer() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Race condition

EUVDB-ID: #VU91467

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47248

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the udpv6_destroy_sock() function in net/ipv6/udp.c, within the udp_destroy_sock() and udp_abort() functions in net/ipv4/udp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Memory leak

EUVDB-ID: #VU89950

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47249

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the rds_recvmsg() function in net/rds/recv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Memory leak

EUVDB-ID: #VU89951

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47250

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cipso_v4_doi_free() function in net/ipv4/cipso_ipv4.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Resource management error

EUVDB-ID: #VU93253

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47252

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the batadv_iv_ogm_emit() function in net/batman-adv/bat_iv_ogm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU90086

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47254

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __acquires() and gfs2_scan_glock_lru() functions in fs/gfs2/glock.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper error handling

EUVDB-ID: #VU90937

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47258

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the scsi_host_alloc() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU91230

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47260

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfs_get_client() function in fs/nfs/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper Initialization

EUVDB-ID: #VU93607

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47261

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the destroy_cq_user(), create_cq_kernel() and resize_kernel() functions in drivers/infiniband/hw/mlx5/cq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU93174

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47265

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the mlx5_ib_create_flow() function in drivers/infiniband/hw/mlx5/fs.c, within the mlx4_ib_create_flow() function in drivers/infiniband/hw/mlx4/main.c, within the ib_uverbs_ex_create_flow() function in drivers/infiniband/core/uverbs_cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU90477

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47269

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc3_wIndex_to_dep() function in drivers/usb/dwc3/ep0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Out-of-bounds read

EUVDB-ID: #VU90294

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47274

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the trace_event_buffer_lock_reserve() function in kernel/trace/trace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Buffer overflow

EUVDB-ID: #VU93664

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47276

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ftrace_hash_ipmodify_update() function in kernel/trace/ftrace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU90296

Risk: Low

CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47277

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the include/linux/kvm_host.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Use-after-free

EUVDB-ID: #VU90094

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47280

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_getunique() function in drivers/gpu/drm/drm_ioctl.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Use-after-free

EUVDB-ID: #VU90095

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47281

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_seq_timer_open() function in sound/core/seq/seq_timer.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper Initialization

EUVDB-ID: #VU91550

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47284

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the nj_probe() function in drivers/isdn/hardware/mISDN/netjet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU90297

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47288

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ngene_command_config_free_buf() function in drivers/media/pci/ngene/ngene-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Use-after-free

EUVDB-ID: #VU90098

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47301

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igb_clean_tx_ring() function in drivers/net/ethernet/intel/igb/igb_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use-after-free

EUVDB-ID: #VU90099

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47302

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igc_clean_tx_ring() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Information disclosure

EUVDB-ID: #VU91340

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47305

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sync_file_merge() function in drivers/dma-buf/sync_file.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU91231

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47307

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the cifs_compose_mount_options() function in fs/cifs/cifs_dfs_ref.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Out-of-bounds read

EUVDB-ID: #VU91090

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47308

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the fc_rport_prli_resp() function in drivers/scsi/libfc/fc_rport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU90102

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47310

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tlan_remove_one() function in drivers/net/ethernet/ti/tlan.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Use-after-free

EUVDB-ID: #VU90103

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47311

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the emac_remove() function in drivers/net/ethernet/qualcomm/emac/emac.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Information disclosure

EUVDB-ID: #VU91334

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47314

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_remove() and fsl_ifc_ctrl_probe() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Information disclosure

EUVDB-ID: #VU91335

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47315

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fsl_ifc_ctrl_probe() and free_irq() functions in drivers/memory/fsl_ifc.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Memory leak

EUVDB-ID: #VU89958

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47319

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the virtblk_freeze() function in drivers/block/virtio_blk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Memory leak

EUVDB-ID: #VU89959

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47320

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nfs3_proc_create() and nfs3_proc_mknod() functions in fs/nfs/nfs3proc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Use-after-free

EUVDB-ID: #VU90105

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47321

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/w83877f_wdt.c, within the lpc18xx_wdt_remove() function in drivers/watchdog/lpc18xx_wdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU90101

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47323

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sc520_wdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Use-after-free

EUVDB-ID: #VU90118

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47324

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the wdt_startup() function in drivers/watchdog/sbc60xxwdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Memory leak

EUVDB-ID: #VU89960

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47330

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the serial_resume() and serial_probe() functions in drivers/tty/serial/8250/serial_cs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU90119

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47334

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ibmasm_init_one() function in drivers/misc/ibmasm/module.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU90496

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47337

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the scsi_host_alloc() function in drivers/scsi/hosts.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Use of uninitialized resource

EUVDB-ID: #VU90871

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47343

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the dm_btree_remove() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Memory leak

EUVDB-ID: #VU89962

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47344

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the zr364xx_start_readpipe() function in drivers/media/usb/zr364xx/zr364xx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Memory leak

EUVDB-ID: #VU89963

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47345

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the cma_resolve_ib_route() function in drivers/infiniband/core/cma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Buffer overflow

EUVDB-ID: #VU91309

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47347

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wl1251_cmd_scan() function in drivers/net/wireless/ti/wl1251/cmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Buffer overflow

EUVDB-ID: #VU93170

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47352

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the receive_small(), rcu_read_unlock() and receive_mergeable() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU90500

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47353

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the udf_symlink() function in fs/udf/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU90133

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47355

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nicstar_cleanup() function in drivers/atm/nicstar.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Use-after-free

EUVDB-ID: #VU90134

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47356

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the HFC_cleanup() function in drivers/isdn/hardware/mISDN/hfcpci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU90135

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47357

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ia_module_exit() function in drivers/atm/iphase.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Improper error handling

EUVDB-ID: #VU90939

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47361

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mcb_alloc_bus() function in drivers/mcb/mcb-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) NULL pointer dereference

EUVDB-ID: #VU90498

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47362

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the si_dpm_enable() function in drivers/gpu/drm/amd/pm/powerplay/si_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) NULL pointer dereference

EUVDB-ID: #VU91457

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47369

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qeth_clear_working_pool_list() function in drivers/s390/net/qeth_core_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU90138

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47375

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the blk_trace_remove_queue() function in kernel/trace/blktrace.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Use-after-free

EUVDB-ID: #VU91058

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47378

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_rdma_free_queue(), nvme_rdma_conn_established(), nvme_rdma_route_resolved() and nvme_rdma_cm_handler() functions in drivers/nvme/host/rdma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper locking

EUVDB-ID: #VU90741

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47382

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the qeth_do_reset() function in drivers/s390/net/qeth_core_main.c, within the EXPORT_SYMBOL(), ccwgroup_set_offline() and ccwgroup_online_store() functions in drivers/s390/cio/ccwgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds read

EUVDB-ID: #VU91390

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47383

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vc_do_resize() function in drivers/tty/vt/vt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Use-after-free

EUVDB-ID: #VU90141

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47391

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cma_cancel_operation() and rdma_resolve_addr() functions in drivers/infiniband/core/cma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) NULL pointer dereference

EUVDB-ID: #VU92066

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47397

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the sctp_rcv_ootb() function in net/sctp/input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Resource management error

EUVDB-ID: #VU93185

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47400

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the hns3_nic_net_open() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) Memory leak

EUVDB-ID: #VU91624

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47401

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ipoctal_inst_slot() and __ipoctal_remove() functions in drivers/ipack/devices/ipoctal.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Out-of-bounds read

EUVDB-ID: #VU90298

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47404

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the betopff_init() function in drivers/hid/hid-betopff.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) NULL pointer dereference

EUVDB-ID: #VU92067

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47409

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dwc2_hcd_init() function in drivers/usb/dwc2/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Memory leak

EUVDB-ID: #VU89967

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47416

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Memory leak

EUVDB-ID: #VU89971

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47423

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the drivers/gpu/drm/nouveau/nouveau_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use of uninitialized resource

EUVDB-ID: #VU90976

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47424

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the i40e_clear_interrupt_scheme() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Information disclosure

EUVDB-ID: #VU91339

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47431

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the gmc_v9_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c, within the gmc_v10_0_hw_fini() function in drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU90405

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47435

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the start_io_acct() and dec_pending() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU90404

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47436

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dsps_probe() function in drivers/usb/musb/musb_dsps.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Use-after-free

EUVDB-ID: #VU90060

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47456

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the peak_pci_remove() function in drivers/net/can/sja1000/peak_pci.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Buffer overflow

EUVDB-ID: #VU91306

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47458

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the ocfs2_initialize_super() function in fs/ocfs2/super.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Buffer overflow

EUVDB-ID: #VU93141

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47460

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ocfs2_set_inode_data_inline() and ocfs2_convert_inline_data_to_extents() functions in fs/ocfs2/alloc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Improper locking

EUVDB-ID: #VU90737

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47469

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the LIST_HEAD(), spi_add_device(), spi_add_device_locked(), spi_register_controller() and spi_unregister_controller() functions in drivers/spi/spi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) Memory leak

EUVDB-ID: #VU89940

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47472

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __mdiobus_register() function in drivers/net/phy/mdio_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Memory leak

EUVDB-ID: #VU89941

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47473

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak in drivers/scsi/qla2xxx/qla_bsg.c. A local user can crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Out-of-bounds read

EUVDB-ID: #VU91081

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47478

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the isofs_read_inode() function in fs/isofs/inode.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Resource management error

EUVDB-ID: #VU93589

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47480

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the scsi_device_dev_release_usercontext() function in drivers/scsi/scsi_sysfs.c, within the EXPORT_SYMBOL() function in drivers/scsi/scsi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Double free

EUVDB-ID: #VU90920

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47483

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the regcache_rbtree_insert_to_block() function in drivers/base/regmap/regcache-rbtree.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Buffer overflow

EUVDB-ID: #VU91305

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47485

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the qib_user_sdma_num_pages(), qib_user_sdma_free_pkt_frag(), qib_user_sdma_pin_pkt() and qib_user_sdma_queue_pkts() functions in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Input validation error

EUVDB-ID: #VU90852

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47495

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the drivers/net/usb/usbnet.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Buffer overflow

EUVDB-ID: #VU91197

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47496

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the tls_err_abort(), tls_tx_records(), tls_push_record(), tls_sw_recvmsg() and tls_sw_splice_read() functions in net/tls/tls_sw.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Out-of-bounds read

EUVDB-ID: #VU90276

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47497

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nvmem_shift_read_buffer_in_place() function in drivers/nvmem/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Use-after-free

EUVDB-ID: #VU90050

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47500

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mma8452_trigger_setup() function in drivers/iio/accel/mma8452.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Use-after-free

EUVDB-ID: #VU90052

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47506

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hash_delegation_locked(), unhash_delegation_locked() and nfsd4_cb_recall_prepare() functions in fs/nfsd/nfs4state.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Buffer overflow

EUVDB-ID: #VU93398

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47509

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the snd_pcm_oss_set_fragment1() function in sound/core/oss/pcm_oss.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Buffer overflow

EUVDB-ID: #VU92005

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47511

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the snd_pcm_hw_param_value_min() and snd_pcm_oss_period_size() functions in sound/core/oss/pcm_oss.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) Information disclosure

EUVDB-ID: #VU91327

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47523

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the hfi1_init(), hfi1_free_devdata(), hfi1_alloc_devdata() and cleanup_device_data() functions in drivers/infiniband/hw/hfi1/init.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Use-after-free

EUVDB-ID: #VU90055

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47541

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx4_en_try_alloc_resources() function in drivers/net/ethernet/mellanox/mlx4/en_netdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

101) Buffer overflow

EUVDB-ID: #VU92060

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47548

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the hns_dsaf_ge_srst_by_port() function in drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Resource management error

EUVDB-ID: #VU93588

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the _scsih_ublock_io_device() function in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Resource management error

EUVDB-ID: #VU92987

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48636

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dasd_alias_remove_device() and dasd_alias_get_start_dev() functions in drivers/s390/block/dasd_alias.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Memory leak

EUVDB-ID: #VU89997

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48650

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __qlt_24xx_handle_abts() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Off-by-one

EUVDB-ID: #VU91174

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48672

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an off-by-one error within the unflatten_dt_nodes() function in drivers/of/fdt.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) Use-after-free

EUVDB-ID: #VU90175

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48686

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Use-after-free

EUVDB-ID: #VU90172

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48697

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Out-of-bounds read

EUVDB-ID: #VU90312

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48702

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_emu10k1_pcm_channel_alloc() function in sound/pci/emu10k1/emupcm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Improper locking

EUVDB-ID: #VU91520

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48704

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the radeon_suspend_kms() function in drivers/gpu/drm/radeon/radeon_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) NULL pointer dereference

EUVDB-ID: #VU91227

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48708

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the pcs_set_mux() function in drivers/pinctrl/pinctrl-single.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) NULL pointer dereference

EUVDB-ID: #VU90411

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48710

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the radeon_fp_native_mode() function in drivers/gpu/drm/radeon/radeon_connectors.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Improper locking

EUVDB-ID: #VU90810

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0160

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Use-after-free

EUVDB-ID: #VU75448

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-1829

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

114) Out-of-bounds read

EUVDB-ID: #VU82305

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-42755

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the the IPv4 Resource Reservation Protocol (RSVP) classifier function in the Linux kernel. A local user can trigger an out-of-bounds read error and crash the Linux kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Use-after-free

EUVDB-ID: #VU82755

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-47233

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Buffer overflow

EUVDB-ID: #VU93245

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52527

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Race condition

EUVDB-ID: #VU91486

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52586

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the dpu_encoder_phys_vid_control_vblank_irq(), dpu_encoder_phys_vid_irq_control() and dpu_encoder_phys_vid_init() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_vid.c, within the dpu_encoder_phys_cmd_control_vblank_irq(), dpu_encoder_phys_cmd_irq_control() and dpu_encoder_phys_cmd_init() functions in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder_phys_cmd.c, within the dpu_encoder_phys_init() function in drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Improper locking

EUVDB-ID: #VU91538

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52591

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) NULL pointer dereference

EUVDB-ID: #VU93858

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52646

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the aio_ring_mremap() function in fs/aio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Memory leak

EUVDB-ID: #VU90459

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52653

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Buffer overflow

EUVDB-ID: #VU93242

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52655

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the aqc111_rx_fixup() function in drivers/net/usb/aqc111.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Double free

EUVDB-ID: #VU90893

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52664

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the aq_vec_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_vec.c, within the aq_get_rxpages(), aq_ring_alloc(), aq_ring_rx_alloc() and aq_ring_hwts_rx_alloc() functions in drivers/net/ethernet/aquantia/atlantic/aq_ring.c, within the aq_ptp_ring_alloc() function in drivers/net/ethernet/aquantia/atlantic/aq_ptp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Buffer overflow

EUVDB-ID: #VU91437

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52685

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the persistent_ram_init_ecc() function in fs/pstore/ram_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) NULL pointer dereference

EUVDB-ID: #VU90548

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52686

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the opal_event_init() function in arch/powerpc/platforms/powernv/opal-irqchip.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Double free

EUVDB-ID: #VU90921

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52691

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the si_dpm_init() function in drivers/gpu/drm/amd/amdgpu/si_dpm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) NULL pointer dereference

EUVDB-ID: #VU90550

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52696

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the opal_powercap_init() function in arch/powerpc/platforms/powernv/opal-powercap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Memory leak

EUVDB-ID: #VU89982

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52698

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the netlbl_calipso_ops_register(), netlbl_calipso_add_pass() and netlbl_calipso_genl_init() functions in net/netlabel/netlabel_calipso.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Use of uninitialized resource

EUVDB-ID: #VU91676

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52703

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the kalmia_send_init_packet() function in drivers/net/usb/kalmia.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Information disclosure

EUVDB-ID: #VU91333

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52730

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the sdio_read_func_cis() and sdio_free_func_cis() functions in drivers/mmc/core/sdio_cis.c, within the sdio_release_func(), sdio_alloc_func() and sdio_add_func() functions in drivers/mmc/core/sdio_bus.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Improper locking

EUVDB-ID: #VU91507

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52732

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ceph_update_snap_trace() and ceph_handle_snap() functions in fs/ceph/snap.c, within the register_session(), __open_session(), __do_request(), handle_reply(), ceph_mdsc_put_request(), done_closing_sessions() and mds_peer_reset() functions in fs/ceph/mds_client.c, within the ceph_zero_partial_object() function in fs/ceph/file.c, within the ceph_handle_caps() and iput() functions in fs/ceph/caps.c, within the ceph_netfs_issue_read(), writepage_nounlock() and ceph_uninline_data() functions in fs/ceph/addr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use-after-free

EUVDB-ID: #VU90065

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52741

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the uncached_fill_pages() and readpages_fill_pages() functions in fs/cifs/file.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) Resource management error

EUVDB-ID: #VU93466

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52742

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the pl_vendor_req() function in drivers/net/usb/plusb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Information disclosure

EUVDB-ID: #VU91332

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52747

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the user_exp_rcv_setup() function in drivers/infiniband/hw/hfi1/file_ops.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) Reachable Assertion

EUVDB-ID: #VU90905

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52759

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to reachable assertion within the qd_check_sync() function in fs/gfs2/quota.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Improper locking

EUVDB-ID: #VU91504

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52774

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dasd_profile_start() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Incorrect calculation

EUVDB-ID: #VU93611

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52781

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the usb_get_bos_descriptor() function in drivers/usb/core/config.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Improper locking

EUVDB-ID: #VU91506

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52796

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ipvlan_addr_lookup(), IS_ENABLED() and ipvlan_process_v6_outbound() functions in drivers/net/ipvlan/ipvlan_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Use-after-free

EUVDB-ID: #VU90079

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52803

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rpc_clnt_remove_pipedir() and rpc_setup_pipedir() functions in net/sunrpc/clnt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU90430

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52821

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the versatile_panel_get_modes() function in drivers/gpu/drm/panel/panel-arm-versatile.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Buffer overflow

EUVDB-ID: #VU91198

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52864

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the wmi_dev_match() function in drivers/platform/x86/wmi.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) NULL pointer dereference

EUVDB-ID: #VU90425

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52865

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early() and mtk_infrasys_init() functions in drivers/clk/mediatek/clk-mt6797.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Buffer overflow

EUVDB-ID: #VU91308

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52867

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the drivers/gpu/drm/radeon/evergreen.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) NULL pointer dereference

EUVDB-ID: #VU90424

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52875

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_topckgen_init(), mtk_infrasys_init_early(), mtk_infrasys_init() and mtk_pericfg_init() functions in drivers/clk/mediatek/clk-mt2701.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU89899

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52880

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to missing permissions checks within the gsmld_open() function in drivers/tty/n_gsm.c. A local user with CAP_NET_ADMIN capability can create a GSM network.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Improper locking

EUVDB-ID: #VU88894

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-0639

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to improper locking within the sctp_auto_asconf_init() function in net/sctp/socket.c. A local user can crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Use-after-free

EUVDB-ID: #VU87344

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26625

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Use-after-free

EUVDB-ID: #VU90214

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26739

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Incorrect calculation

EUVDB-ID: #VU89392

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26752

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the l2tp_ip6_sendmsg() function in net/l2tp/l2tp_ip6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Improper locking

EUVDB-ID: #VU90786

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26775

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the aoeblk_gdalloc() function in drivers/block/aoe/aoeblk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Out-of-bounds read

EUVDB-ID: #VU91098

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26791

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the btrfs_check_replace_dev_names() and btrfs_dev_replace_by_ioctl() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Integer underflow

EUVDB-ID: #VU91674

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26828

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the parse_server_interfaces() function in fs/smb/client/smb2ops.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Double free

EUVDB-ID: #VU90896

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26846

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the LIST_HEAD(), nvme_fc_free_lport(), nvme_fc_init_module(), device_destroy() and nvme_fc_delete_controllers() functions in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) NULL pointer dereference

EUVDB-ID: #VU90575

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26874

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Improper Initialization

EUVDB-ID: #VU91552

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26876

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the adv7511_probe() function in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Memory leak

EUVDB-ID: #VU90468

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26900

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Buffer overflow

EUVDB-ID: #VU91311

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26915

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the vega20_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega20_ih.c, within the vega10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega10_ih.c, within the tonga_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/tonga_ih.c, within the si_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/si_ih.c, within the navi10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/navi10_ih.c, within the iceland_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/iceland_ih.c, within the cz_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cz_ih.c, within the cik_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cik_ih.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Buffer overflow

EUVDB-ID: #VU93805

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26920

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the register_snapshot_trigger() function in kernel/trace/trace_events_trigger.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Integer underflow

EUVDB-ID: #VU91672

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26921

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) Double free

EUVDB-ID: #VU90894

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26929

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Double free

EUVDB-ID: #VU90895

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26930

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) NULL pointer dereference

EUVDB-ID: #VU90563

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26931

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Improper locking

EUVDB-ID: #VU90776

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26934

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Use-after-free

EUVDB-ID: #VU91062

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26957

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Use-after-free

EUVDB-ID: #VU90183

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26958

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) NULL pointer dereference

EUVDB-ID: #VU90557

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) Use-after-free

EUVDB-ID: #VU90184

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26996

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Out-of-bounds read

EUVDB-ID: #VU91095

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27008

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Incorrect calculation

EUVDB-ID: #VU93759

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27054

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Division by zero

EUVDB-ID: #VU91374

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27059

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Race condition

EUVDB-ID: #VU91471

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27062

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the nvkm_object_search() and nvkm_object_remove() functions in drivers/gpu/drm/nouveau/nvkm/core/object.c, within the nvkm_client_new() function in drivers/gpu/drm/nouveau/nvkm/core/client.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Memory leak

EUVDB-ID: #VU90449

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Use-after-free

EUVDB-ID: #VU90168

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27396

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gtp_dellink() function in drivers/net/gtp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Use-after-free

EUVDB-ID: #VU89672

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27398

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Buffer overflow

EUVDB-ID: #VU89675

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27401

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Race condition within a thread

EUVDB-ID: #VU91429

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27419

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nr_state1_machine(), nr_state2_machine() and nr_state3_machine() functions in net/netrom/nr_in.c, within the nr_rx_frame() function in net/netrom/af_netrom.c. A local user can manipulate data.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Out-of-bounds write

EUVDB-ID: #VU93594

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27436

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Use-after-free

EUVDB-ID: #VU90165

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35791

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the svm_register_enc_region() function in arch/x86/kvm/svm/sev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Improper error handling

EUVDB-ID: #VU90947

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35809

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Use-after-free

EUVDB-ID: #VU90164

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35811

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Resource management error

EUVDB-ID: #VU93591

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35830

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Information disclosure

EUVDB-ID: #VU91345

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35849

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the init_data_container() function in fs/btrfs/backref.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Memory leak

EUVDB-ID: #VU91638

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35877

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) NULL pointer dereference

EUVDB-ID: #VU90508

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Use-after-free

EUVDB-ID: #VU90159

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35887

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Improper locking

EUVDB-ID: #VU90752

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35895

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

187) Improper locking

EUVDB-ID: #VU90753

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35914

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the lock_rename() and unlock_rename() functions in fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Use-after-free

EUVDB-ID: #VU90146

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35932

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vc4_prepare_fb() and vc4_cleanup_fb() functions in drivers/gpu/drm/vc4/vc4_plane.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) Improper error handling

EUVDB-ID: #VU90944

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35935

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Improper error handling

EUVDB-ID: #VU90942

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35936

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Resource management error

EUVDB-ID: #VU93839

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35944

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Use-after-free

EUVDB-ID: #VU90145

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35955

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Use-after-free

EUVDB-ID: #VU90143

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35969

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) Infinite loop

EUVDB-ID: #VU91411

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35982

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) NULL pointer dereference

EUVDB-ID: #VU91458

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35984

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i2c_check_for_quirks() function in drivers/i2c/i2c-core-base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Unchecked Return Value

EUVDB-ID: #VU89896

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36015

CWE-ID: CWE-252 - Unchecked Return Value

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unchecked return value within the register_device() function in drivers/char/ppdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Resource management error

EUVDB-ID: #VU92981

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36029

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the sdhci_msm_runtime_suspend() and sdhci_msm_runtime_resume() functions in drivers/mmc/host/sdhci-msm.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Memory leak

EUVDB-ID: #VU90431

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36954

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Real Time 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

kernel-rt_debug: before 4.12.14-10.188.1

kernel-rt: before 4.12.14-10.188.1

kernel-source-rt: before 4.12.14-10.188.1

kernel-devel-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel: before 4.12.14-10.188.1

kernel-rt_debug-debuginfo: before 4.12.14-10.188.1

dlm-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt: before 4.12.14-10.188.1

kernel-rt-base-debuginfo: before 4.12.14-10.188.1

kernel-rt-base: before 4.12.14-10.188.1

kernel-rt-devel-debuginfo: before 4.12.14-10.188.1

kernel-rt-debuginfo: before 4.12.14-10.188.1

gfs2-kmp-rt: before 4.12.14-10.188.1

ocfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-syms-rt: before 4.12.14-10.188.1

kernel-rt_debug-devel-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt: before 4.12.14-10.188.1

dlm-kmp-rt-debuginfo: before 4.12.14-10.188.1

cluster-md-kmp-rt-debuginfo: before 4.12.14-10.188.1

kernel-rt_debug-debugsource: before 4.12.14-10.188.1

kernel-rt-debugsource: before 4.12.14-10.188.1

kernel-rt-devel: before 4.12.14-10.188.1

gfs2-kmp-rt-debuginfo: before 4.12.14-10.188.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2024/suse-su-20241983-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###