SUSE update for the Linux Kernel



Published: 2024-07-09 | Updated: 2024-08-05
Risk: Critical
Patch available: YES
Number of vulnerabilities: 249
CVE-ID: CVE-2021-4439
CVE-2021-47089
CVE-2021-47432
CVE-2021-47515
CVE-2021-47534
CVE-2021-47538
CVE-2021-47539
CVE-2021-47555
CVE-2021-47566
CVE-2021-47571
CVE-2021-47572
CVE-2021-47576
CVE-2021-47577
CVE-2021-47578
CVE-2021-47580
CVE-2021-47582
CVE-2021-47583
CVE-2021-47584
CVE-2021-47585
CVE-2021-47586
CVE-2021-47587
CVE-2021-47589
CVE-2021-47592
CVE-2021-47595
CVE-2021-47596
CVE-2021-47597
CVE-2021-47600
CVE-2021-47601
CVE-2021-47602
CVE-2021-47603
CVE-2021-47604
CVE-2021-47605
CVE-2021-47607
CVE-2021-47608
CVE-2021-47609
CVE-2021-47610
CVE-2021-47611
CVE-2021-47612
CVE-2021-47614
CVE-2021-47615
CVE-2021-47616
CVE-2021-47617
CVE-2021-47618
CVE-2021-47619
CVE-2021-47620
CVE-2022-48711
CVE-2022-48712
CVE-2022-48713
CVE-2022-48714
CVE-2022-48715
CVE-2022-48716
CVE-2022-48717
CVE-2022-48718
CVE-2022-48720
CVE-2022-48721
CVE-2022-48722
CVE-2022-48723
CVE-2022-48724
CVE-2022-48725
CVE-2022-48726
CVE-2022-48727
CVE-2022-48728
CVE-2022-48729
CVE-2022-48730
CVE-2022-48732
CVE-2022-48733
CVE-2022-48734
CVE-2022-48735
CVE-2022-48736
CVE-2022-48737
CVE-2022-48738
CVE-2022-48739
CVE-2022-48740
CVE-2022-48743
CVE-2022-48744
CVE-2022-48745
CVE-2022-48746
CVE-2022-48747
CVE-2022-48748
CVE-2022-48749
CVE-2022-48751
CVE-2022-48752
CVE-2022-48753
CVE-2022-48754
CVE-2022-48755
CVE-2022-48756
CVE-2022-48758
CVE-2022-48759
CVE-2022-48760
CVE-2022-48761
CVE-2022-48763
CVE-2022-48765
CVE-2022-48766
CVE-2022-48767
CVE-2022-48768
CVE-2022-48769
CVE-2022-48770
CVE-2022-48771
CVE-2022-48772
CVE-2023-24023
CVE-2023-52622
CVE-2023-52658
CVE-2023-52667
CVE-2023-52670
CVE-2023-52672
CVE-2023-52675
CVE-2023-52735
CVE-2023-52737
CVE-2023-52752
CVE-2023-52766
CVE-2023-52784
CVE-2023-52787
CVE-2023-52800
CVE-2023-52835
CVE-2023-52837
CVE-2023-52843
CVE-2023-52845
CVE-2023-52846
CVE-2023-52869
CVE-2023-52881
CVE-2023-52882
CVE-2023-52884
CVE-2024-26625
CVE-2024-26644
CVE-2024-26720
CVE-2024-26842
CVE-2024-26845
CVE-2024-26923
CVE-2024-26973
CVE-2024-27432
CVE-2024-33619
CVE-2024-35247
CVE-2024-35789
CVE-2024-35790
CVE-2024-35807
CVE-2024-35814
CVE-2024-35835
CVE-2024-35848
CVE-2024-35857
CVE-2024-35861
CVE-2024-35862
CVE-2024-35864
CVE-2024-35869
CVE-2024-35878
CVE-2024-35884
CVE-2024-35886
CVE-2024-35896
CVE-2024-35898
CVE-2024-35900
CVE-2024-35905
CVE-2024-35925
CVE-2024-35950
CVE-2024-35956
CVE-2024-35958
CVE-2024-35960
CVE-2024-35962
CVE-2024-35997
CVE-2024-36005
CVE-2024-36008
CVE-2024-36017
CVE-2024-36020
CVE-2024-36021
CVE-2024-36025
CVE-2024-36477
CVE-2024-36478
CVE-2024-36479
CVE-2024-36890
CVE-2024-36894
CVE-2024-36899
CVE-2024-36900
CVE-2024-36904
CVE-2024-36915
CVE-2024-36916
CVE-2024-36917
CVE-2024-36919
CVE-2024-36934
CVE-2024-36937
CVE-2024-36940
CVE-2024-36945
CVE-2024-36949
CVE-2024-36960
CVE-2024-36964
CVE-2024-36965
CVE-2024-36967
CVE-2024-36969
CVE-2024-36971
CVE-2024-36975
CVE-2024-36978
CVE-2024-37021
CVE-2024-37078
CVE-2024-37354
CVE-2024-38381
CVE-2024-38388
CVE-2024-38390
CVE-2024-38540
CVE-2024-38541
CVE-2024-38544
CVE-2024-38545
CVE-2024-38546
CVE-2024-38547
CVE-2024-38548
CVE-2024-38549
CVE-2024-38550
CVE-2024-38552
CVE-2024-38553
CVE-2024-38555
CVE-2024-38556
CVE-2024-38557
CVE-2024-38559
CVE-2024-38560
CVE-2024-38564
CVE-2024-38565
CVE-2024-38567
CVE-2024-38568
CVE-2024-38571
CVE-2024-38573
CVE-2024-38578
CVE-2024-38579
CVE-2024-38580
CVE-2024-38581
CVE-2024-38582
CVE-2024-38583
CVE-2024-38587
CVE-2024-38590
CVE-2024-38591
CVE-2024-38594
CVE-2024-38597
CVE-2024-38599
CVE-2024-38600
CVE-2024-38601
CVE-2024-38603
CVE-2024-38605
CVE-2024-38608
CVE-2024-38616
CVE-2024-38618
CVE-2024-38619
CVE-2024-38621
CVE-2024-38627
CVE-2024-38630
CVE-2024-38633
CVE-2024-38634
CVE-2024-38635
CVE-2024-38659
CVE-2024-38661
CVE-2024-38780
CVE-2024-39301
CVE-2024-39468
CVE-2024-39469
CVE-2024-39471
CWE-ID: CWE-125
CWE-401
CWE-190
CWE-476
CWE-200
CWE-119
CWE-416
CWE-399
CWE-908
CWE-369
CWE-667
CWE-20
CWE-835
CWE-388
CWE-193
CWE-191
CWE-362
CWE-347
CWE-415
CWE-451
CWE-366
CWE-682
CWE-665
CWE-269
CWE-264
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #100 is available.
Vulnerability #186 is being exploited in the wild.
Vulnerable software
Public Cloud Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

kernel-azure-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-vdso
Operating systems & Components / Operating system package or component

dlm-kmp-azure
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure
Operating systems & Components / Operating system package or component

gfs2-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-optional-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-extra
Operating systems & Components / Operating system package or component

gfs2-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kselftests-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-livepatch-devel
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-azure
Operating systems & Components / Operating system package or component

dlm-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

kselftests-kmp-azure-debuginfo
Operating systems & Components / Operating system package or component

ocfs2-kmp-azure
Operating systems & Components / Operating system package or component

kernel-azure-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-optional
Operating systems & Components / Operating system package or component

kernel-source-azure
Operating systems & Components / Operating system package or component

kernel-devel-azure
Operating systems & Components / Operating system package or component

kernel-azure-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure-debugsource
Operating systems & Components / Operating system package or component

kernel-azure-devel
Operating systems & Components / Operating system package or component

kernel-syms-azure
Operating systems & Components / Operating system package or component

kernel-azure-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-azure
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 249 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU92900

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-4439

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Memory leak

EUVDB-ID: #VU90020

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47089

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kfence_debugfs_init() function in mm/kfence/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Integer overflow

EUVDB-ID: #VU91179

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47432

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer overflow within the __genradix_iter_peek() function in lib/generic-radix-tree.c. A local user can execute arbitrary code.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU90391

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47515

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the seg6_do_srh_encap() function in net/ipv6/seg6_iptunnel.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory leak

EUVDB-ID: #VU91617

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47534

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the vc4_atomic_commit_tail() function in drivers/gpu/drm/vc4/vc4_kms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU91325

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47538

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the rxrpc_create_peer(), rxrpc_lookup_peer(), __rxrpc_put_peer() and rxrpc_put_peer_locked() functions in net/rxrpc/peer_object.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Information disclosure

EUVDB-ID: #VU91328

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47539

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the rxrpc_get_bundle() and rxrpc_look_up_bundle() functions in net/rxrpc/conn_client.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Memory leak

EUVDB-ID: #VU91616

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47555

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the vlan_dev_init() function in net/8021q/vlan_dev.c and within the register_vlan_dev() function in net/8021q/vlan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU93289

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47566

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the read_from_oldmem() function in fs/proc/vmcore.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU91051

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47571

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the _rtl92e_pci_disconnect() function in drivers/staging/rtl8192e/rtl8192e/rtl_core.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) NULL pointer dereference

EUVDB-ID: #VU90402

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47572

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nh_create_ipv6() function in net/ipv4/nexthop.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU92299

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47576

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource management error

EUVDB-ID: #VU93265

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47577

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the io_acct_cancel_pending_work(), io_queue_worker_create(), io_wq_exit_start() and io_wq_exit_workers() functions in fs/io-wq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) NULL pointer dereference

EUVDB-ID: #VU92340

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47578

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the resp_verify() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Out-of-bounds read

EUVDB-ID: #VU92318

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47580

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the p_fill_from_dev_buffer(), resp_inquiry(), resp_requests(), resp_mode_sense(), resp_ie_l_pg(), resp_log_sense() and resp_report_zones() functions in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource management error

EUVDB-ID: #VU93277

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47582

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the usbdev_release(), do_proc_control() and do_proc_bulk() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use of uninitialized resource

EUVDB-ID: #VU92933

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47583

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the mxl111sf_init() and mxl111sf_get_stream_config_dvbt() functions in drivers/media/usb/dvb-usb-v2/mxl111sf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Division by zero

EUVDB-ID: #VU92379

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47584

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the ioc_timer_fn() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Memory leak

EUVDB-ID: #VU92290

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47585

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds read

EUVDB-ID: #VU92315

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47586

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rk_gmac_setup() function in drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper locking

EUVDB-ID: #VU92353

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47587

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tdma_port_write_desc_addr() and bcm_sysport_open() functions in drivers/net/ethernet/broadcom/bcmsysport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use-after-free

EUVDB-ID: #VU92300

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47589

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) NULL pointer dereference

EUVDB-ID: #VU92334

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47592

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the tc_setup_cls_u32(), tc_init(), tc_del_flow() and tc_add_vlan_flow() functions in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Buffer overflow

EUVDB-ID: #VU93133

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47595

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Use-after-free

EUVDB-ID: #VU92301

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47596

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hclgevf_send_mbx_msg() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Use of uninitialized resource

EUVDB-ID: #VU92934

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47597

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the inet_sk_diag_fill() function in net/ipv4/inet_diag.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU92303

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47600

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU92337

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47601

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the copy_ta_binary() function in drivers/tee/amdtee/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use of uninitialized resource

EUVDB-ID: #VU92372

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47602

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper locking

EUVDB-ID: #VU92355

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47603

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kauditd_send_queue() and audit_net_init() functions in kernel/audit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Out-of-bounds read

EUVDB-ID: #VU92316

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47604

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vduse_vdpa_get_config() function in drivers/vdpa/vdpa_user/vduse_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Out-of-bounds read

EUVDB-ID: #VU92317

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47605

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vduse_dev_ioctl() function in drivers/vdpa/vdpa_user/vduse_dev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory leak

EUVDB-ID: #VU92291

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47607

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the check_atomic() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Memory leak

EUVDB-ID: #VU92292

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47608

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the check_atomic() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Buffer overflow

EUVDB-ID: #VU93303

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47609

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) NULL pointer dereference

EUVDB-ID: #VU92338

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47610

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the msm_ioctl_gem_submit() function in drivers/gpu/drm/msm/msm_gem_submit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Input validation error

EUVDB-ID: #VU93309

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47611

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee802_11_parse_elems_crc() function in net/mac80211/util.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) NULL pointer dereference

EUVDB-ID: #VU92339

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47612

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Use-after-free

EUVDB-ID: #VU92993

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47614

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the add_pble_prm() function in drivers/infiniband/hw/irdma/pble.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper locking

EUVDB-ID: #VU92357

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47615

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mlx5_ib_dereg_mr(), mlx5_ib_alloc_pi_mr() and __mlx5_ib_alloc_mr() functions in drivers/infiniband/hw/mlx5/mr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU92304

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47616

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rxe_qp_from_init() function in drivers/infiniband/sw/rxe/rxe_qp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Infinite loop

EUVDB-ID: #VU92929

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47617

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU92918

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47618

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the obj-$() function in arch/arm/probes/kprobes/Makefile. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) NULL pointer dereference

EUVDB-ID: #VU92919

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47619

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Out-of-bounds read

EUVDB-ID: #VU92905

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47620

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hci_le_adv_report_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Input validation error

EUVDB-ID: #VU92925

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48711

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tipc_mon_rcv() function in net/tipc/monitor.c and within the tipc_link_proto_rcv() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper error handling

EUVDB-ID: #VU92926

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48712

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the ext4_fc_record_modified_inode(), ext4_fc_replay_inode(), ext4_fc_replay_add_range(), ext4_ext_replay_shrink_inode() and ext4_fc_replay_del_range() functions in fs/ext4/fast_commit.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU92920

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48713

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pt_handle_status() function in arch/x86/events/intel/pt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Out-of-bounds read

EUVDB-ID: #VU92906

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48714

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bpf_ringbuf_area_alloc() function in kernel/bpf/ringbuf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Resource management error

EUVDB-ID: #VU93180

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48715

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Buffer overflow

EUVDB-ID: #VU93249

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48716

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the wcd938x_sdw_connect_port(), wcd938x_set_compander(), wcd938x_get_swr_port() and wcd938x_set_swr_port() functions in sound/soc/codecs/wcd938x.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Out-of-bounds read

EUVDB-ID: #VU92907

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48717

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the speaker_gain_control_put() function in sound/soc/codecs/max9759.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) NULL pointer dereference

EUVDB-ID: #VU92921

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48718

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mxsfb_crtc_atomic_enable() function in drivers/gpu/drm/mxsfb/mxsfb_kms.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Memory leak

EUVDB-ID: #VU92891

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48720

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the macsec_common_dellink() and macsec_dellink() functions in drivers/net/macsec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Improper locking

EUVDB-ID: #VU92924

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48721

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smc_stat_fallback(), smc_switch_to_fallback() and smc_clcsock_data_ready() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Memory leak

EUVDB-ID: #VU92892

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48722

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Memory leak

EUVDB-ID: #VU92893

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48723

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the uniphier_spi_probe() function in drivers/spi/spi-uniphier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Memory leak

EUVDB-ID: #VU92880

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48724

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the intel_setup_irq_remapping() function in drivers/iommu/intel_irq_remapping.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Memory leak

EUVDB-ID: #VU92881

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48725

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the siw_create_qp() function in drivers/infiniband/sw/siw/siw_verbs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU92894

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48726

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ucma_alloc_ctx(), ucma_cleanup_multicast(), ucma_process_join(), mutex_unlock() and ucma_leave_multicast() functions in drivers/infiniband/core/ucma.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper error handling

EUVDB-ID: #VU92939

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48727

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within arch/arm64/kvm/hyp/include/hyp/switch.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU92908

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48728

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hfi1_ipoib_netdev_dtor() and hfi1_ipoib_setup_rn() functions in drivers/infiniband/hw/hfi1/ipoib_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU92958

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48729

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the hfi1_ipoib_txreq_init() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Memory leak

EUVDB-ID: #VU92882

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48730

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the dma_heap_ioctl() function in drivers/dma-buf/dma-heap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Off-by-one

EUVDB-ID: #VU92927

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48732

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the nvbios_addr() function in drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU92895

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48733

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btrfs_wait_delalloc_flush() and btrfs_commit_transaction() functions in fs/btrfs/transaction.c, and within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper locking

EUVDB-ID: #VU92922

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48734

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the btrfs_quota_disable() and qgroup_rescan_init() functions in fs/btrfs/qgroup.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Use-after-free

EUVDB-ID: #VU92896

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48735

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the snd_hda_gen_spec_free() and create_mute_led_cdev() functions in sound/pci/hda/hda_generic.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Out-of-bounds read

EUVDB-ID: #VU92901

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48736

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Out-of-bounds read

EUVDB-ID: #VU92902

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48737

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) Out-of-bounds read

EUVDB-ID: #VU92903

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48738

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Out-of-bounds read

EUVDB-ID: #VU92904

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48739

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within include/uapi/sound/asound.h and sound/soc/codecs/hdmi-codec.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) NULL pointer dereference

EUVDB-ID: #VU92909

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48740

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cond_list_destroy() and cond_read_list() functions in security/selinux/ss/conditional.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Integer underflow

EUVDB-ID: #VU92928

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48743

CWE-ID: CWE-191 - Integer underflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an integer underflow within the xgbe_rx_buf2_len() function in drivers/net/ethernet/amd/xgbe/xgbe-drv.c. A local user can execute arbitrary code.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Buffer overflow

EUVDB-ID: #VU92950

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48744

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the mlx5e_xmit_xdp_frame() function in drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Race condition

EUVDB-ID: #VU92930

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48745

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the mlx5_stop_sync_reset_poll() function in drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) NULL pointer dereference

EUVDB-ID: #VU92911

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48746

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5e_rep_bond_unslave(), mlx5e_rep_changelowerstate_event(), mlx5e_rep_changeupper_event() and mlx5e_rep_esw_bond_netevent() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Use of uninitialized resource

EUVDB-ID: #VU92932

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48747

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the bio_truncate() function in block/bio.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Memory leak

EUVDB-ID: #VU92884

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48748

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the __allowed_ingress() function in net/bridge/br_vlan.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) NULL pointer dereference

EUVDB-ID: #VU92912

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the dpu_setup_dspp_pcc() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) NULL pointer dereference

EUVDB-ID: #VU92914

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48751

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the smc_stat_fallback(), smc_switch_to_fallback(), smc_listen_decline(), smc_listen_work(), smc_sendmsg(), smc_setsockopt() and smc_getsockopt() functions in net/smc/af_smc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) Resource management error

EUVDB-ID: #VU92959

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48752

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the power_pmu_disable() function in arch/powerpc/perf/core-book3s.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Memory leak

EUVDB-ID: #VU92885

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48753

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the disk_register_independent_access_ranges() function in block/blk-ia-ranges.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

84) Use-after-free

EUVDB-ID: #VU92898

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48754

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

85) Resource management error

EUVDB-ID: #VU92978

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48755

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the EMIT() function in arch/powerpc/net/bpf_jit_comp64.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

86) NULL pointer dereference

EUVDB-ID: #VU92915

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

87) Resource management error

EUVDB-ID: #VU92960

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48758

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

88) Race condition

EUVDB-ID: #VU92931

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48759

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

89) Buffer overflow

EUVDB-ID: #VU92976

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48760

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c and within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

90) Resource management error

EUVDB-ID: #VU92979

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48761

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the xhci_plat_suspend() function in drivers/usb/host/xhci-plat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

91) Memory leak

EUVDB-ID: #VU92887

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48763

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the kvm_vcpu_ioctl_x86_set_vcpu_events() function in arch/x86/kvm/x86.c, the nested_vmx_hardware_setup() function in arch/x86/kvm/vmx/nested.c, the svm_set_efer() function in arch/x86/kvm/svm/svm.c, and the svm_free_nested() and svm_set_nested_state() functions in arch/x86/kvm/svm/nested.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

92) Resource management error

EUVDB-ID: #VU93276

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48765

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the kvm_apic_set_state() function in arch/x86/kvm/lapic.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

93) Resource management error

EUVDB-ID: #VU93290

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48766

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the dcn301_fpu_init_soc_bounding_box() function in drivers/gpu/drm/amd/display/dc/dml/dcn301/dcn301_fpu.c and the set_wm_ranges() function in drivers/gpu/drm/amd/display/dc/dcn301/dcn301_resource.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

94) Memory leak

EUVDB-ID: #VU92889

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48767

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the restore_deleg_ino() function in fs/ceph/file.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

95) Memory leak

EUVDB-ID: #VU92890

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48768

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the trace_action_create() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

96) Buffer overflow

EUVDB-ID: #VU93248

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48769

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the efi_systab_report_header() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

97) Resource management error

EUVDB-ID: #VU92980

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48770

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the BPF_CALL_4() function in kernel/bpf/stackmap.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

98) Use-after-free

EUVDB-ID: #VU92899

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48771

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, and the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

99) NULL pointer dereference

EUVDB-ID: #VU93327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48772

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the lgdt3306a_probe() function in drivers/media/dvb-frontends/lgdt3306a.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

100) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU83116

Risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-24023

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to improper verification of a cryptographic signature in the Bluetooth implementation. A remote attacker with physical proximity to the system can perform a MitM attack and potentially compromise the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

101) Buffer overflow

EUVDB-ID: #VU93471

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52622

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the alloc_flex_gd() and ext4_setup_next_flex_gd() functions in fs/ext4/resize.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

102) Input validation error

EUVDB-ID: #VU93683

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52658

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the esw_inline_mode_to_devlink() and mlx5_devlink_eswitch_mode_set() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

103) Double free

EUVDB-ID: #VU90922

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52667

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the fs_any_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en/fs_tt_redirect.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

104) Memory leak

EUVDB-ID: #VU89988

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52670

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the virtio_rpmsg_release_device() function in drivers/rpmsg/virtio_rpmsg_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

105) Improper locking

EUVDB-ID: #VU92024

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52672

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the pipe_resize_ring() and pipe_set_size() functions in fs/pipe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

106) NULL pointer dereference

EUVDB-ID: #VU90547

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52675

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the update_events_in_group() function in arch/powerpc/perf/imc-pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

107) Memory leak

EUVDB-ID: #VU91621

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52735

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the sock_map_unhash(), sock_map_destroy() and sock_map_close() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

108) Improper locking

EUVDB-ID: #VU90740

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52737

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the extent_fiemap() and unlock_extent() functions in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

109) Use-after-free

EUVDB-ID: #VU90068

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

110) Out-of-bounds read

EUVDB-ID: #VU91086

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52766

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hci_dma_irq_handler() function in drivers/i3c/master/mipi-i3c-hci/dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

111) Improper error handling

EUVDB-ID: #VU93650

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52784

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

112) Resource management error

EUVDB-ID: #VU92966

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52787

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the blk_mq_get_new_requests(), blk_mq_get_cached_request() and blk_mq_submit_bio() functions in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

113) Use-after-free

EUVDB-ID: #VU90071

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52800

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ath11k_htt_pktlog() function in drivers/net/wireless/ath/ath11k/dp_rx.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

114) Out-of-bounds read

EUVDB-ID: #VU91084

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52835

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the rb_alloc_aux() function in kernel/events/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

115) Use-after-free

EUVDB-ID: #VU90080

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52837

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nbd_dev_remove(), nbd_release() and IS_ENABLED() functions in drivers/block/nbd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

116) Use of uninitialized resource

EUVDB-ID: #VU90868

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52843

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the llc_station_ac_send_test_r() function in net/llc/llc_station.c, the llc_sap_action_send_test_r() function in net/llc/llc_s_ac.c, and the llc_fixup_skb() function in net/llc/llc_input.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

117) Use of uninitialized resource

EUVDB-ID: #VU90867

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52845

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource in net/tipc/netlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

118) Use-after-free

EUVDB-ID: #VU91055

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52846

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prp_create_tagged_frame() function in net/hsr/hsr_forward.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

119) NULL pointer dereference

EUVDB-ID: #VU90423

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52869

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the pstore_register() function in fs/pstore/platform.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

120) Spoofing attack

EUVDB-ID: #VU89895

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52881

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in the system accepting ACK responses for bytes that were never sent. A remote attacker can perform a spoofing attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

121) Input validation error

EUVDB-ID: #VU93673

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52882

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

122) Improper locking

EUVDB-ID: #VU93035

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-52884

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cyapa_suspend() and cyapa_resume() functions in drivers/input/mouse/cyapa.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

123) Use-after-free

EUVDB-ID: #VU87344

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26625

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in net/llc/af_llc.c when handling orphan sockets. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

124) Improper locking

EUVDB-ID: #VU91535

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26644

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the create_snapshot() function in fs/btrfs/ioctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

125) Division by zero

EUVDB-ID: #VU91379

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26720

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the wb_dirty_limits() function in mm/page-writeback.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

126) Out-of-bounds read

EUVDB-ID: #VU91097

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26842

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the ufshcd_cmd_inflight() and ufshcd_clear_cmd() functions in drivers/ufs/core/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

127) Improper locking

EUVDB-ID: #VU93388

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26845

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the transport_generic_handle_tmr() function in drivers/target/target_core_transport.c, and within the transport_lookup_tmr_lun() and rcu_dereference_raw() functions in drivers/target/target_core_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

128) Improper locking

EUVDB-ID: #VU92035

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26923

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c: the garbage collector does not take into account the risk of an embryo getting enqueued during garbage collection. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

129) Information disclosure

EUVDB-ID: #VU91360

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-26973

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

130) Resource management error

EUVDB-ID: #VU93774

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-27432

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mtk_ppe_start() and mtk_ppe_stop() functions in drivers/net/ethernet/mediatek/mtk_ppe.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

131) Use of uninitialized resource

EUVDB-ID: #VU93041

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-33619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the efi_free() function in drivers/firmware/efi/libstub/fdt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

132) NULL pointer dereference

EUVDB-ID: #VU93122

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35247

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fpga_region_get(), fpga_region_put(), ATTRIBUTE_GROUPS(), fpga_region_register_full(), ERR_PTR() and EXPORT_SYMBOL_GPL() functions in drivers/fpga/fpga-region.c, and within the fpga_region_register_full() function in Documentation/driver-api/fpga/fpga-region.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

133) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

134) NULL pointer dereference

EUVDB-ID: #VU90554

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35790

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the hpd_show(), dp_altmode_probe(), dp_altmode_remove() and module_typec_altmode_driver() functions in drivers/usb/typec/altmodes/displayport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

135) Resource management error

EUVDB-ID: #VU93270

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35807

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

136) Resource management error

EUVDB-ID: #VU91612

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35814

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to double allocation of slots within the swiotlb_area_find_slots() function in kernel/dma/swiotlb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

137) Double free

EUVDB-ID: #VU90923

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35835

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the arfs_create_groups() function in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

138) Buffer overflow

EUVDB-ID: #VU91199

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35848

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

139) NULL pointer dereference

EUVDB-ID: #VU91235

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35857

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the icmp_build_probe() function in net/ipv4/icmp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

140) Use-after-free

EUVDB-ID: #VU90150

Risk: Medium

CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35861

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_signal_cifsd_for_reconnect() function in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

141) Use-after-free

EUVDB-ID: #VU90152

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35862

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_network_name_deleted() function in fs/smb/client/smb2ops.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

142) Use-after-free

EUVDB-ID: #VU90149

Risk: Medium

CVSSv3.1: 5 [AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35864

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

143) Use-after-free

EUVDB-ID: #VU90157

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35869

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the tcon_info_alloc() and tconInfoFree() functions in fs/smb/client/misc.c, within the dfs_cache_remount_fs() function in fs/smb/client/dfs_cache.c, within the get_session(), __dfs_mount_share() and dfs_mount_share() functions in fs/smb/client/dfs.c, and within the match_session(), cifs_get_smb_ses(), cifs_mount_put_conns() and cifs_mount() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

144) NULL pointer dereference

EUVDB-ID: #VU90508

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

145) Buffer overflow

EUVDB-ID: #VU93150

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35884

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c and within the __udp_is_mcast_sock() function in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

146) Infinite loop

EUVDB-ID: #VU91413

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35886

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

147) Out-of-bounds read

EUVDB-ID: #VU90309

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35896

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, and within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

148) Race condition within a thread

EUVDB-ID: #VU91427

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35898

CWE-ID: CWE-366 - Race Condition within a Thread

Exploit availability: No

Description

The vulnerability allows a local user to manipulate data.

The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

149) Incorrect calculation

EUVDB-ID: #VU93613

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35900

CWE-ID: CWE-682 - Incorrect Calculation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

150) Out-of-bounds read

EUVDB-ID: #VU90307

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35905

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the check_stack_access_within_bounds() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

151) Division by zero

EUVDB-ID: #VU91373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35925

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

152) Use-after-free

EUVDB-ID: #VU92212

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

153) Information disclosure

EUVDB-ID: #VU91343

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35956

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, and the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

154) Resource management error

EUVDB-ID: #VU93255

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35958

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

155) Improper Initialization

EUVDB-ID: #VU93351

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35960

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

156) Input validation error

EUVDB-ID: #VU93176

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35962

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, net/ipv4/netfilter/ip_tables.c and net/ipv4/netfilter/arp_tables.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

157) Infinite loop

EUVDB-ID: #VU91412

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-35997

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the __i2c_hid_command() and i2c_hid_irq() functions in drivers/hid/i2c-hid/i2c-hid-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

158) Resource management error

EUVDB-ID: #VU93190

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36005

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the nft_netdev_event() function in net/netfilter/nft_chain_filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

159) NULL pointer dereference

EUVDB-ID: #VU92068

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36008

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ip_route_use_hint() function in net/ipv4/route.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

160) Out-of-bounds read

EUVDB-ID: #VU93081

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36017

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

161) Use of uninitialized resource

EUVDB-ID: #VU91675

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36020

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the i40e_reset_all_vfs() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

162) Improper Initialization

EUVDB-ID: #VU91548

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36021

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hclge_init_ae_dev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

163) Off-by-one

EUVDB-ID: #VU91172

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36025

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the qla_edif_app_getstats() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

164) Out-of-bounds read

EUVDB-ID: #VU93022

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36477

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the tpm_tis_spi_write_bytes() function in drivers/char/tpm/tpm_tis_spi_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

165) NULL pointer dereference

EUVDB-ID: #VU93029

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36478

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the nullb_update_nr_hw_queues(), nullb_device_power_store(), null_add_dev() and null_create_dev() functions in drivers/block/null_blk/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

166) NULL pointer dereference

EUVDB-ID: #VU93123

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36479

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the fpga_bridge_disable(), of_fpga_bridge_get(), fpga_bridge_dev_match(), fpga_bridge_get(), fpga_bridge_put(), ATTRIBUTE_GROUPS(), fpga_bridge_register() and ERR_PTR() functions in drivers/fpga/fpga-bridge.c, within the fpga_bridge_register() function in Documentation/driver-api/fpga/fpga-bridge.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

167) Resource management error

EUVDB-ID: #VU93391

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36890

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within include/linux/slab.h. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

168) Improper locking

EUVDB-ID: #VU90735

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

169) Use-after-free

EUVDB-ID: #VU90048

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36899

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the gpio_chrdev_release() function in drivers/gpio/gpiolib-cdev.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

170) Improper Initialization

EUVDB-ID: #VU91547

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36900

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper initialization within the hclgevf_init_hdev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c, within the hclge_init_ae_dev() and pci_free_irq_vectors() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

171) Use-after-free

EUVDB-ID: #VU90047

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36904

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

172) Out-of-bounds read

EUVDB-ID: #VU90268

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36915

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the nfc_llcp_setsockopt() function in net/nfc/llcp_sock.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

173) Out-of-bounds read

EUVDB-ID: #VU90273

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36916

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

174) Buffer overflow

EUVDB-ID: #VU92094

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36917

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the blk_ioctl_discard() function in block/ioctl.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

175) Improper locking

EUVDB-ID: #VU92010

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36919

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

176) Out-of-bounds read

EUVDB-ID: #VU90266

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36934

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

177) NULL pointer dereference

EUVDB-ID: #VU90529

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36937

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the __xdp_do_redirect_frame(), EXPORT_SYMBOL_GPL(), xdp_do_generic_redirect_map() and xdp_do_generic_redirect() functions in net/core/filter.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

178) Double Free

EUVDB-ID: #VU90885

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

179) Information disclosure

EUVDB-ID: #VU91322

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36945

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the smc_ib_find_route() function in net/smc/smc_ib.c. A local user can gain access to sensitive information.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

180) Improper locking

EUVDB-ID: #VU93436

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36949

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the kgd2kfd_suspend() and kgd2kfd_resume() functions in drivers/gpu/drm/amd/amdkfd/kfd_device.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

181) Out-of-bounds read

EUVDB-ID: #VU90819

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36960

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the vmw_event_fence_action_create() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

182) Improper privilege management

EUVDB-ID: #VU93734

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36964

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

183) Buffer overflow

EUVDB-ID: #VU93307

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36965

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scp_elf_read_ipi_buf_addr() and scp_ipi_init() functions in drivers/remoteproc/mtk_scp.c. A local user can escalate privileges on the system.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

184) Memory leak

EUVDB-ID: #VU91561

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36967

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

185) Division by zero

EUVDB-ID: #VU91563

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36969

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error within the setup_dsc_config() function in drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

186) Use-after-free

EUVDB-ID: #VU91597

Risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2024-36971

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

187) Race condition

EUVDB-ID: #VU93374

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36975

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tpm2_key_encode() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

188) Out-of-bounds read

EUVDB-ID: #VU92332

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-36978

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the multiq_tune() function in net/sched/sch_multiq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

189) NULL pointer dereference

EUVDB-ID: #VU93124

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37021

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the ATTRIBUTE_GROUPS(), fpga_mgr_dev_match(), EXPORT_SYMBOL_GPL(), fpga_mgr_unlock(), fpga_mgr_register_full(), ERR_PTR(), fpga_mgr_register(), devm_fpga_mgr_unregister(), devm_fpga_mgr_register_full() and devm_fpga_mgr_register() functions in drivers/fpga/fpga-mgr.c, within the fpga_mgr_register() and fpga_mgr_register_full() functions in Documentation/driver-api/fpga/fpga-mgr.rst. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

190) Improper locking

EUVDB-ID: #VU93342

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37078

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_prepare_write() function in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

191) Race condition

EUVDB-ID: #VU93373

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-37354

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the btrfs_log_prealloc_extents() function in fs/btrfs/tree-log.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

192) Use of uninitialized resource

EUVDB-ID: #VU93042

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38381

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the nci_core_ntf_packet() and nci_rx_work() functions in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

193) Memory leak

EUVDB-ID: #VU93018

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38388

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the wmfw_convert_flags(), hda_cs_dsp_add_kcontrol(), hda_cs_dsp_control_add() and hda_cs_dsp_control_remove() functions in sound/pci/hda/hda_cs_dsp_ctl.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

194) NULL pointer dereference

EUVDB-ID: #VU93031

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38390

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the a6xx_gpu_init() function in drivers/gpu/drm/msm/adreno/a6xx_gpu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

195) Out-of-bounds read

EUVDB-ID: #VU92331

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38540

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnxt_qplib_create_qp() function in drivers/infiniband/hw/bnxt_re/qplib_fp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

196) Buffer overflow

EUVDB-ID: #VU92376

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

197) Buffer overflow

EUVDB-ID: #VU93344

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38544

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the rxe_comp_queue_pkt() function in drivers/infiniband/sw/rxe/rxe_comp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

198) Use-after-free

EUVDB-ID: #VU92306

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38545

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

199) NULL pointer dereference

EUVDB-ID: #VU92351

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38546

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the vc4_hdmi_audio_init() function in drivers/gpu/drm/vc4/vc4_hdmi.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

200) NULL pointer dereference

EUVDB-ID: #VU92350

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38547

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the load_video_binaries() function in drivers/staging/media/atomisp/pci/sh_css.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

201) NULL pointer dereference

EUVDB-ID: #VU92349

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38548

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cdns_mhdp_atomic_enable() function in drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

202) Resource management error

EUVDB-ID: #VU93390

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38549

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the mtk_drm_gem_init() function in drivers/gpu/drm/mediatek/mtk_drm_gem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

203) NULL pointer dereference

EUVDB-ID: #VU92348

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38550

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the kirkwood_dma_hw_params() function in sound/soc/kirkwood/kirkwood-dma.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

204) Out-of-bounds read

EUVDB-ID: #VU92330

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38552

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cm_helper_translate_curve_to_hw_format() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_cm_common.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

205) Improper locking

EUVDB-ID: #VU92369

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38553

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the fec_set_mac_address() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

206) Use-after-free

EUVDB-ID: #VU92307

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38555

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cmd_comp_notifier() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

207) Out-of-bounds read

EUVDB-ID: #VU92329

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38556

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the cmd_work_handler(), wait_func() and mlx5_cmd_invoke() functions in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

208) Improper locking

EUVDB-ID: #VU92368

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38557

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the enable_mpesw() and mlx5_lag_add_devices() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/mpesw.c, within the mlx5_disable_lag() and mlx5_do_bond() functions in drivers/net/ethernet/mellanox/mlx5/core/lag/lag.c, within the esw_offloads_cleanup(), mlx5_esw_offloads_rep_load(), esw_destroy_offloads_acl_tables() and mlx5_eswitch_reload_reps() functions in drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

209) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

210) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

211) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU93849

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38564

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to improper checks within the bpf_prog_attach_check_attach_type() function in kernel/bpf/syscall.c. A local user can bypass certain security restrictions.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

212) Resource management error

EUVDB-ID: #VU93836

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38565

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the ar5523_probe() function in drivers/net/wireless/ath/ar5523/ar5523.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

213) Input validation error

EUVDB-ID: #VU92370

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38567

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the carl9170_usb_probe() function in drivers/net/wireless/ath/carl9170/usb.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

214) Out-of-bounds read

EUVDB-ID: #VU92325

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38568

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hns3_pmu_validate_event_group() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

215) NULL pointer dereference

EUVDB-ID: #VU92346

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38571

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the compute_intercept_slope() function in drivers/thermal/qcom/tsens.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

216) NULL pointer dereference

EUVDB-ID: #VU92345

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38573

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() functions in drivers/cpufreq/cppc_cpufreq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

217) Out-of-bounds read

EUVDB-ID: #VU92322

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38578

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the write_tag_66_packet() function in fs/ecryptfs/keystore.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

218) Buffer overflow

EUVDB-ID: #VU92953

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38579

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the spu2_dump_omd() function in drivers/crypto/bcm/spu2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

219) Improper locking

EUVDB-ID: #VU92367

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38580

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ep_eventpoll_poll() function in fs/eventpoll.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

220) Use-after-free

EUVDB-ID: #VU92310

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38581

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the amdgpu_mes_remove_ring() function in drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

221) Improper locking

EUVDB-ID: #VU92366

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38582

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the nilfs_segctor_sync(), nilfs_segctor_wakeup(), nilfs_segctor_notify() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

222) Use-after-free

EUVDB-ID: #VU92311

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38583

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nilfs_segctor_start_timer(), nilfs_construct_dsync_segment(), nilfs_segctor_notify(), nilfs_segctor_thread(), nilfs_segctor_new() and nilfs_segctor_destroy() functions in fs/nilfs2/segment.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

223) Out-of-bounds read

EUVDB-ID: #VU92321

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38587

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the get_word() function in drivers/staging/speakup/main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

224) Resource management error

EUVDB-ID: #VU93087

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38590

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a resource management error within the get_cqe_status() function in drivers/infiniband/hw/hns/hns_roce_hw_v2.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

225) Improper locking

EUVDB-ID: #VU92364

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38591

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the alloc_srqc() and free_srqc() functions in drivers/infiniband/hw/hns/hns_roce_srq.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

226) Improper locking

EUVDB-ID: #VU92363

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38594

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the tc_taprio_configure() function in drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c and the stmmac_adjust_time() function in drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

227) Improper locking

EUVDB-ID: #VU92361

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38597

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gem_interrupt() and gem_init_one() functions in drivers/net/ethernet/sun/sungem.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

228) Out-of-bounds read

EUVDB-ID: #VU92319

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38599

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_jffs2_setxattr() function in fs/jffs2/xattr.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

229) Improper locking

EUVDB-ID: #VU92360

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38600

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the snd_card_disconnect() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

230) Infinite loop

EUVDB-ID: #VU93063

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38601

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop within the rb_check_list() and ring_buffer_resize() functions in kernel/trace/ring_buffer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

231) Memory leak

EUVDB-ID: #VU92297

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38603

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the hns3_pmu_irq_register() function in drivers/perf/hisilicon/hns3_pmu.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

232) NULL pointer dereference

EUVDB-ID: #VU93048

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38605

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the snd_card_new() function in sound/core/init.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

233) NULL pointer dereference

EUVDB-ID: #VU92341

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38608

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the mlx5e_resume(), _mlx5e_suspend(), mlx5e_suspend(), _mlx5e_probe() and _mlx5e_remove() functions in drivers/net/ethernet/mellanox/mlx5/core/en_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

234) Buffer overflow

EUVDB-ID: #VU93620

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38616

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the carl9170_tx_release() function in drivers/net/wireless/ath/carl9170/tx.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

235) Input validation error

EUVDB-ID: #VU92371

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38618

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the snd_timer_start1() function in sound/core/timer.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

236) Use of uninitialized resource

EUVDB-ID: #VU93082

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38619

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of an uninitialized resource within the short_pack() and alauda_check_media() functions in drivers/usb/storage/alauda.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

237) Out-of-bounds read

EUVDB-ID: #VU93025

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38621

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the stk1160_buffer_done() and stk1160_copy_video() functions in drivers/media/usb/stk1160/stk1160-video.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

238) Double free

EUVDB-ID: #VU93040

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38627

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the stm_register_device() function in drivers/hwtracing/stm/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

239) Use-after-free

EUVDB-ID: #VU93021

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38630

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the cpu5wdt_exit() function in drivers/watchdog/cpu5wdt.c. A local user can escalate privileges on the system.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

240) NULL pointer dereference

EUVDB-ID: #VU93032

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38633

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference within the max3100_probe() and max3100_remove() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

241) Improper locking

EUVDB-ID: #VU93038

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38634

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the max3100_sr() and max3100_handlerx() functions in drivers/tty/serial/max3100.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

242) Out-of-bounds read

EUVDB-ID: #VU93027

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38635

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdw_cdns_alloc_pdi() function in drivers/soundwire/cadence_master.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

243) Out-of-bounds read

EUVDB-ID: #VU93080

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38659

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the enic_set_vf_port() function in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected Linux Kernel package to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

244) Improper locking

EUVDB-ID: #VU93333

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the hex2bitmap() function in drivers/s390/crypto/ap_bus.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

245) Improper locking

EUVDB-ID: #VU93034

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-38780

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the sync_print_obj() function in drivers/dma-buf/sync_debug.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

246) Use of uninitialized resource

EUVDB-ID: #VU93337

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39301

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to the use of an uninitialized resource within the p9_fcall_init() function in net/9p/client.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

247) Improper locking

EUVDB-ID: #VU93335

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39468

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smb2_find_smb_tcon() function in fs/smb/client/smb2transport.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

248) Improper error handling

EUVDB-ID: #VU93336

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39469

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nilfs_empty_dir() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

249) Out-of-bounds read

EUVDB-ID: #VU93326

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-39471

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the sdma_v4_0_process_trap_irq() function in drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package, the Linux Kernel, to the latest version.

Vulnerable software versions

Public Cloud Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-vdso: before 5.14.21-150500.33.60.1

dlm-kmp-azure: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure: before 5.14.21-150500.33.60.1

gfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-optional-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-extra: before 5.14.21-150500.33.60.1

gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-livepatch-devel: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

reiserfs-kmp-azure: before 5.14.21-150500.33.60.1

dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.60.1

ocfs2-kmp-azure: before 5.14.21-150500.33.60.1

kernel-azure-extra-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-optional: before 5.14.21-150500.33.60.1

kernel-source-azure: before 5.14.21-150500.33.60.1

kernel-devel-azure: before 5.14.21-150500.33.60.1

kernel-azure-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure-debugsource: before 5.14.21-150500.33.60.1

kernel-azure-devel: before 5.14.21-150500.33.60.1

kernel-syms-azure: before 5.14.21-150500.33.60.1

kernel-azure-devel-debuginfo: before 5.14.21-150500.33.60.1

kernel-azure: before 5.14.21-150500.33.60.1

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20242372-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and must successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


