SUSE update for the Linux Kernel

1) Improper Validation of Array Index

EUVDB-ID: #VU63385

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-43389

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code with elevated privileges.

The vulnerability exists due to improper validation of array index in the ISDN CAPI implementation within detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can send specially crafted data to the system and execute arbitrary code with elevated privileges.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU92900

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-4439

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the detach_capi_ctr() function in drivers/isdn/capi/kcapi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU90090

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47247

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the mlx5e_take_all_route_decap_flows() and mlx5e_encap_valid() functions in drivers/net/ethernet/mellanox/mlx5/core/en/tc_tun_encap.c, within the wait_for_completion() and mlx5e_take_all_encap_flows() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c, within the mlx5e_rep_neigh_update() and mlx5e_rep_update_flows() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/neigh.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU90103

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47311

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the emac_remove() function in drivers/net/ethernet/qualcomm/emac/emac.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU91060

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47328

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the iscsi_prep_bidi_ahs(), iscsi_check_tmf_restrictions(), iscsi_data_in_rsp(), EXPORT_SYMBOL_GPL(), iscsi_exec_task_mgmt_fn(), iscsi_eh_abort(), iscsi_eh_device_reset(), iscsi_session_recovery_timedout(), iscsi_conn_failure(), iscsi_eh_target_reset(), iscsi_session_setup(), iscsi_conn_setup(), iscsi_conn_teardown(), iscsi_conn_start() and iscsi_start_session_recovery() functions in drivers/scsi/libiscsi.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource management error

EUVDB-ID: #VU93188

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47368

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the enetc_clear_bdrs() and enetc_setup_irqs() functions in drivers/net/ethernet/freescale/enetc/enetc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU90136

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47372

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the macb_remove() function in drivers/net/ethernet/cadence/macb_pci.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU90139

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47379

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the spin_lock_irq() and blkcg_deactivate_policy() functions in block/blk-cgroup.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use-after-free

EUVDB-ID: #VU91051

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47571

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the _rtl92e_pci_disconnect() function in drivers/staging/rtl8192e/rtl8192e/rtl_core.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use-after-free

EUVDB-ID: #VU92299

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47576

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the resp_mode_select() function in drivers/scsi/scsi_debug.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Use of uninitialized resource

EUVDB-ID: #VU92933

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47583

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mxl111sf_init() and mxl111sf_get_stream_config_dvbt() functions in drivers/media/usb/dvb-usb-v2/mxl111sf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Use-after-free

EUVDB-ID: #VU92300

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47589

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the igbvf_probe() function in drivers/net/ethernet/intel/igbvf/netdev.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer overflow

EUVDB-ID: #VU93133

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47595

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the ets_qdisc_change() function in net/sched/sch_ets.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU92301

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47596

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the hclgevf_send_mbx_msg() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU92303

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47600

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rebalance_children() function in drivers/md/persistent-data/dm-btree-remove.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of uninitialized resource

EUVDB-ID: #VU92372

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47602

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the ieee80211_sta_tx_wmm_ac_notify() function in net/mac80211/mlme.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU93303

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47609

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the scpi_pm_domain_probe() function in drivers/firmware/scpi_pm_domain.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU93309

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47611

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ieee802_11_parse_elems_crc() function in net/mac80211/util.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) NULL pointer dereference

EUVDB-ID: #VU92339

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47612

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nfc_genl_dump_devices_done() function in net/nfc/netlink.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Infinite loop

EUVDB-ID: #VU92929

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47617

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the pciehp_ist() function in drivers/pci/hotplug/pciehp_hpc.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU92918

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47618

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the obj-$() function in arch/arm/probes/kprobes/Makefile. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU92919

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47619

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i40e_get_lump() function in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Out-of-bounds read

EUVDB-ID: #VU92905

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-47620

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the hci_le_adv_report_evt() function in net/bluetooth/hci_event.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU67513

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-2938

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Linux kernel implementation of Pressure Stall Information. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU92925

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48711

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tipc_mon_rcv() function in net/tipc/monitor.c, within the tipc_link_proto_rcv() function in net/tipc/link.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Resource management error

EUVDB-ID: #VU93180

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48715

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnx2fc_l2_rcv_thread() and bnx2fc_recv_frame() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Out-of-bounds read

EUVDB-ID: #VU92907

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48717

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the speaker_gain_control_put() function in sound/soc/codecs/max9759.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Memory leak

EUVDB-ID: #VU92892

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48722

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ca8210_async_xmit_complete() function in drivers/net/ieee802154/ca8210.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Memory leak

EUVDB-ID: #VU92880

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48724

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the intel_setup_irq_remapping() function in drivers/iommu/intel_irq_remapping.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Use-after-free

EUVDB-ID: #VU92894

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48726

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ucma_alloc_ctx(), ucma_cleanup_multicast(), ucma_process_join(), mutex_unlock() and ucma_leave_multicast() functions in drivers/infiniband/core/ucma.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) NULL pointer dereference

EUVDB-ID: #VU92908

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48728

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hfi1_ipoib_netdev_dtor() and hfi1_ipoib_setup_rn() functions in drivers/infiniband/hw/hfi1/ipoib_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Memory leak

EUVDB-ID: #VU92882

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48730

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the dma_heap_ioctl() function in drivers/dma-buf/dma-heap.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Off-by-one

EUVDB-ID: #VU92927

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48732

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the nvbios_addr() function in drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Out-of-bounds read

EUVDB-ID: #VU92901

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48736

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_xr_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Out-of-bounds read

EUVDB-ID: #VU92902

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48737

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw_sx() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU92903

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48738

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_soc_put_volsw() function in sound/soc/soc-ops.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) NULL pointer dereference

EUVDB-ID: #VU92911

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48746

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5e_rep_bond_unslave(), mlx5e_rep_changelowerstate_event(), mlx5e_rep_changeupper_event() and mlx5e_rep_esw_bond_netevent() functions in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Use of uninitialized resource

EUVDB-ID: #VU92932

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48747

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the bio_truncate() function in block/bio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Memory leak

EUVDB-ID: #VU92884

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48748

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __allowed_ingress() function in net/bridge/br_vlan.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) NULL pointer dereference

EUVDB-ID: #VU92912

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48749

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the dpu_setup_dspp_pcc() function in drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Resource management error

EUVDB-ID: #VU92959

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48752

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the power_pmu_disable() function in arch/powerpc/perf/core-book3s.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Use-after-free

EUVDB-ID: #VU92898

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48754

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the phy_detach() function in drivers/net/phy/phy_device.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) NULL pointer dereference

EUVDB-ID: #VU92915

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48756

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the msm_dsi_phy_driver_unregister() function in drivers/gpu/drm/msm/dsi/phy/dsi_phy.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Resource management error

EUVDB-ID: #VU92960

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48758

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the bnx2fc_bind_pcidev(), bnx2fc_indicate_netevent(), bnx2fc_vport_destroy(), bnx2fc_if_create(), __bnx2fc_destroy(), bnx2fc_destroy_work() and bnx2fc_ulp_exit() functions in drivers/scsi/bnx2fc/bnx2fc_fcoe.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Race condition

EUVDB-ID: #VU92931

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48759

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the rpmsg_ctrldev_release_device(), rpmsg_chrdev_probe() and rpmsg_chrdev_remove() functions in drivers/rpmsg/rpmsg_char.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Buffer overflow

EUVDB-ID: #VU92976

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48760

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the usb_kill_urb() and usb_poison_urb() functions in drivers/usb/core/urb.c, within the __usb_hcd_giveback_urb() function in drivers/usb/core/hcd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Memory leak

EUVDB-ID: #VU92889

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48767

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the restore_deleg_ino() function in fs/ceph/file.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Memory leak

EUVDB-ID: #VU92890

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48768

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the trace_action_create() function in kernel/trace/trace_events_hist.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Use-after-free

EUVDB-ID: #VU92899

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2022-48771

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU83116

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-24023

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to improper verification of cryptographic signature in bluetooth implementation. A remote attacker with physical proximity to the system can perform MitM attack and potentially compromise the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

51) Use-after-free

EUVDB-ID: #VU90064

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52707

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the psi_trigger_destroy() function in kernel/sched/psi.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Use-after-free

EUVDB-ID: #VU90068

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-52752

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the seq_printf() and spin_unlock() functions in fs/smb/client/cifs_debug.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Spoofing attack

EUVDB-ID: #VU89895

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-52881

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error within the tcp_ack() function in net/ipv4/tcp_input.c, which can result in system accepting ACK responses for bytes that were never sent. A remote attacker can perform spoofing attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Resource management error

EUVDB-ID: #VU93872

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-26822

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper management of internal resources within the automount_fullpath() and cifs_do_automount() functions in fs/smb/client/namespace.c. A local user can force the SMB client to reuse its parent mount uid, gid and cruid and gain unauthorized access to information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Use-after-free

EUVDB-ID: #VU90167

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35789

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Use-after-free

EUVDB-ID: #VU90150

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-35861

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the cifs_signal_cifsd_for_reconnect() function in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Use-after-free

EUVDB-ID: #VU90152

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35862

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_network_name_deleted() function in fs/smb/client/smb2ops.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Use-after-free

EUVDB-ID: #VU90149

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-35864

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) NULL pointer dereference

EUVDB-ID: #VU90508

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35878

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Use-after-free

EUVDB-ID: #VU92212

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-35950

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Improper locking

EUVDB-ID: #VU90735

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36894

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ffs_user_copy_worker() and ffs_epfile_async_io_complete() functions in drivers/usb/gadget/function/f_fs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) Use-after-free

EUVDB-ID: #VU90047

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36904

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Double Free

EUVDB-ID: #VU90885

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36940

CWE-ID: CWE-415 - Double Free

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Improper privilege management

EUVDB-ID: #VU93734

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-36964

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

The vulnerability allows a local user to read and manipulate data.

The vulnerability exists due to improperly imposed permissions within the p9mode2perm() function in fs/9p/vfs_inode.c. A local user can read and manipulate data.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Buffer overflow

EUVDB-ID: #VU92376

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the of_modalias() function in drivers/of/module.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Use-after-free

EUVDB-ID: #VU92306

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38545

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the alloc_cqc(), free_cqc() and hns_roce_cq_event() functions in drivers/infiniband/hw/hns/hns_roce_cq.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Out-of-bounds read

EUVDB-ID: #VU92328

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38559

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the qedf_dbg_debug_cmd_write() function in drivers/scsi/qedf/qedf_debugfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Out-of-bounds read

EUVDB-ID: #VU92327

Risk: Low

CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-38560

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bfad_debugfs_write_regrd() and bfad_debugfs_write_regwr() functions in drivers/scsi/bfa/bfad_debugfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro for Rancher: 5.2

SUSE Linux Enterprise Micro: 5.1 - 5.2

kernel-source-rt: before 5.3.18-150300.175.1

kernel-rt-debuginfo: before 5.3.18-150300.175.1

kernel-rt-debugsource: before 5.3.18-150300.175.1

kernel-rt: before 5.3.18-150300.175.1

• cpe:2.3:o:suse:suse_linux_enterprise_micro_for_rancher:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.1:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_micro:5.2:*:*:*:*:*:*:*
• cpe:2.3:o:suse:kernel-source-rt:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:o:suse:kernel-rt:*:*:*:*:*:suse_linux:*:*

http://www.suse.com/support/update/announcement/2024/suse-su-20242384-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.