SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 190 |
| CVE-ID | CVE-2021-47047 CVE-2021-47184 CVE-2021-47185 CVE-2021-47187 CVE-2021-47188 CVE-2021-47191 CVE-2021-47192 CVE-2021-47193 CVE-2021-47194 CVE-2021-47195 CVE-2021-47196 CVE-2021-47197 CVE-2021-47198 CVE-2021-47199 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47206 CVE-2021-47207 CVE-2021-47209 CVE-2021-47210 CVE-2021-47211 CVE-2021-47212 CVE-2021-47214 CVE-2021-47215 CVE-2021-47216 CVE-2021-47217 CVE-2021-47218 CVE-2021-47219 CVE-2022-48631 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48637 CVE-2022-48638 CVE-2022-48639 CVE-2022-48640 CVE-2022-48642 CVE-2022-48644 CVE-2022-48646 CVE-2022-48647 CVE-2022-48648 CVE-2022-48650 CVE-2022-48651 CVE-2022-48652 CVE-2022-48653 CVE-2022-48654 CVE-2022-48655 CVE-2022-48656 CVE-2022-48657 CVE-2022-48658 CVE-2022-48659 CVE-2022-48660 CVE-2022-48662 CVE-2022-48663 CVE-2022-48667 CVE-2022-48668 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48690 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48698 CVE-2022-48699 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2023-2860 CVE-2023-52585 CVE-2023-52589 CVE-2023-52590 CVE-2023-52591 CVE-2023-52593 CVE-2023-52614 CVE-2023-52616 CVE-2023-52620 CVE-2023-52635 CVE-2023-52645 CVE-2023-52646 CVE-2023-52652 CVE-2023-6270 CVE-2024-0639 CVE-2024-0841 CVE-2024-2201 CVE-2024-22099 CVE-2024-23307 CVE-2024-23848 CVE-2024-23850 CVE-2024-26601 CVE-2024-26610 CVE-2024-26656 CVE-2024-26671 CVE-2024-26673 CVE-2024-26675 CVE-2024-26679 CVE-2024-26687 CVE-2024-26688 CVE-2024-26700 CVE-2024-26702 CVE-2024-26733 CVE-2024-26739 CVE-2024-26764 CVE-2024-26766 CVE-2024-26772 CVE-2024-26773 CVE-2024-26783 CVE-2024-26791 CVE-2024-26792 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26830 CVE-2024-26833 CVE-2024-26836 CVE-2024-26840 CVE-2024-26843 CVE-2024-26852 CVE-2024-26853 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26861 CVE-2024-26862 CVE-2024-26866 CVE-2024-26872 CVE-2024-26875 CVE-2024-26876 CVE-2024-26877 CVE-2024-26878 CVE-2024-26879 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26891 CVE-2024-26893 CVE-2024-26895 CVE-2024-26896 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26915 CVE-2024-26917 CVE-2024-26927 CVE-2024-26933 CVE-2024-26939 CVE-2024-26948 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26960 CVE-2024-26965 CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26972 CVE-2024-26979 CVE-2024-26981 CVE-2024-26982 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27030 CVE-2024-27038 CVE-2024-27039 CVE-2024-27041 CVE-2024-27042 CVE-2024-27043 CVE-2024-27046 CVE-2024-27056 CVE-2024-27059 CVE-2024-27062 CVE-2024-27389 |
| CWE-ID | CWE-119 CWE-476 CWE-667 CWE-399 CWE-125 CWE-371 CWE-401 CWE-665 CWE-416 CWE-20 CWE-388 CWE-121 CWE-200 CWE-362 CWE-193 CWE-284 CWE-1037 CWE-190 CWE-617 CWE-415 CWE-908 CWE-366 CWE-191 CWE-835 CWE-369 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Public Cloud Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system kernel-devel-azure Operating systems & Components / Operating system package or component kernel-source-azure Operating systems & Components / Operating system package or component kernel-azure-vdso Operating systems & Components / Operating system package or component kernel-azure-vdso-debuginfo Operating systems & Components / Operating system package or component kernel-azure Operating systems & Components / Operating system package or component gfs2-kmp-azure Operating systems & Components / Operating system package or component kernel-syms-azure Operating systems & Components / Operating system package or component kernel-azure-devel-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-azure Operating systems & Components / Operating system package or component kselftests-kmp-azure-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-azure-debuginfo Operating systems & Components / Operating system package or component kernel-azure-optional Operating systems & Components / Operating system package or component kernel-azure-optional-debuginfo Operating systems & Components / Operating system package or component kernel-azure-extra Operating systems & Components / Operating system package or component cluster-md-kmp-azure Operating systems & Components / Operating system package or component kernel-azure-livepatch-devel Operating systems & Components / Operating system package or component dlm-kmp-azure-debuginfo Operating systems & Components / Operating system package or component kernel-azure-devel Operating systems & Components / Operating system package or component kselftests-kmp-azure Operating systems & Components / Operating system package or component kernel-azure-debugsource Operating systems & Components / Operating system package or component dlm-kmp-azure Operating systems & Components / Operating system package or component gfs2-kmp-azure-debuginfo Operating systems & Components / Operating system package or component kernel-azure-debuginfo Operating systems & Components / Operating system package or component kernel-azure-extra-debuginfo Operating systems & Components / Operating system package or component reiserfs-kmp-azure Operating systems & Components / Operating system package or component ocfs2-kmp-azure-debuginfo Operating systems & Components / Operating system package or component cluster-md-kmp-azure-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 190 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU93669
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47047
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the zynqmp_qspi_irq(), zynqmp_qspi_setuprxdma(), zynqmp_qspi_write_op(), zynqmp_qspi_exec_op() and zynqmp_qspi_probe() functions in drivers/spi/spi-zynqmp-gqspi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU90587
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47184
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_sync_filters_subtask() and i40e_vsi_release() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper locking
EUVDB-ID: #VU91528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47185
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper locking
EUVDB-ID: #VU91527
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47187
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the arch/arm64/boot/dts/qcom/msm8998.dtsi. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource management error
EUVDB-ID: #VU93843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47188
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU90325
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47191
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) State Issues
EUVDB-ID: #VU89240
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47192
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error during iSCSI recovery within the store_state_field() function in drivers/scsi/scsi_sysfs.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU90008
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47193
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pm8001_init_ccb_tag(), pm8001_pci_remove() and remove() functions in drivers/scsi/pm8001/pm8001_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper initialization
EUVDB-ID: #VU92392
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47194
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Use-after-free
EUVDB-ID: #VU90204
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47195
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the spi_unregister_controller() function in drivers/spi/spi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU90203
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47196
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the create_qp() function in drivers/infiniband/core/verbs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU93057
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47197
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlx5_debug_cq_remove() function in drivers/net/ethernet/mellanox/mlx5/core/debugfs.c, within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU90208
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47198
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_mbx_cmpl_fc_reg_login() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Memory leak
EUVDB-ID: #VU90476
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47199
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the parse_tc_nic_actions() and parse_tc_fdb_actions() functions in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c, within the mlx5_tc_ct_match_add(), mlx5_tc_ct_parse_action() and __mlx5_tc_ct_flow_offload_clear() functions in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU90206
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47200
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_gem_prime_mmap() function in drivers/gpu/drm/drm_prime.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Resource management error
EUVDB-ID: #VU92971
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47201
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) NULL pointer dereference
EUVDB-ID: #VU90582
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47202
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend() and of_thermal_set_trip_temp() functions in drivers/thermal/of-thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU93156
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Use-after-free
EUVDB-ID: #VU90205
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47204
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dpaa2_eth_remove() function in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU90007
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47205
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the DEFINE_SPINLOCK() and devm_sunxi_ccu_release() functions in drivers/clk/sunxi-ng/ccu_common.c, within the suniv_f1c100s_ccu_setup() function in drivers/clk/sunxi-ng/ccu-suniv-f1c100s.c, within the sun9i_a80_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80.c, within the sun9i_a80_usb_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-usb.c, within the sun9i_a80_de_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-de.c, within the sun8i_v3_v3s_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-v3s.c, within the sun8i_r40_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-r40.c, within the sunxi_h3_h5_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-h3.c, within the sunxi_de2_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-de2.c, within the sun8i_a83t_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-a83t.c, within the sun8i_a33_ccu_setup() and ccu_pll_notifier_register() functions in drivers/clk/sunxi-ng/ccu-sun8i-a33.c, within the sun8i_a23_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun8i-a23.c, within the sun6i_a31_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun6i-a31.c, within the sun5i_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun5i.c, within the sun50i_h616_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun50i-h616.c, within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c, within the sunxi_r_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c, within the sun50i_a64_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a64.c, within the sun50i_a100_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100.c, within the sun50i_a100_r_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100-r.c, within the sun4i_ccu_init() and sunxi_ccu_probe() functions in drivers/clk/sunxi-ng/ccu-sun4i-a10.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) NULL pointer dereference
EUVDB-ID: #VU92072
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47206
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU90583
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47207
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_gf1_dma_interrupt() function in sound/isa/gus/gus_dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use-after-free
EUVDB-ID: #VU90207
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47209
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rq_of_rt_se() and rt_rq_of_se() functions in kernel/sched/rt.c, within the free_fair_sched_group() and unregister_fair_sched_group() functions in kernel/sched/fair.c, within the sched_free_group(), sched_online_group(), cpu_cgroup_css_released() and cpu_cgroup_css_free() functions in kernel/sched/core.c, within the autogroup_destroy() function in kernel/sched/autogroup.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Input validation error
EUVDB-ID: #VU93688
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47210
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tps6598x_block_read() function in drivers/usb/typec/tps6598x.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) NULL pointer dereference
EUVDB-ID: #VU89394
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47211
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the snd_usb_set_sample_rate_v2v3() function in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Error Handling
EUVDB-ID: #VU89241
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47212
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect error handling within the mlx5_internal_err_ret_value() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Memory leak
EUVDB-ID: #VU91649
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47214
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hugetlb_mcopy_atomic_pte() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Buffer overflow
EUVDB-ID: #VU93157
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47215
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the DECLARE_BITMAP(), resync_handle_seq_match(), mlx5e_ktls_add_rx() and mlx5e_ktls_rx_handle_resync_list() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Memory leak
EUVDB-ID: #VU91648
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47216
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the asc_prt_adv_board_info() function in drivers/scsi/advansys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) NULL pointer dereference
EUVDB-ID: #VU90584
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47217
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the set_hv_tscchange_cb() function in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) NULL pointer dereference
EUVDB-ID: #VU90585
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47218
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hashtab_compute_size() function in security/selinux/ss/hashtab.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU90324
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47219
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper locking
EUVDB-ID: #VU92033
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48631
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __ext4_ext_check() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Stack-based buffer overflow
EUVDB-ID: #VU91299
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48632
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the mlxbf_i2c_smbus_start_transaction() function in drivers/i2c/busses/i2c-mlxbf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Improper locking
EUVDB-ID: #VU91451
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48634
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the gma_crtc_page_flip() function in drivers/gpu/drm/gma500/gma_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Resource management error
EUVDB-ID: #VU92987
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48636
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dasd_alias_remove_device() and dasd_alias_get_start_dev() functions in drivers/s390/block/dasd_alias.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU90189
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48637
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bnxt_tx_int() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Input validation error
EUVDB-ID: #VU93687
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48638
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the cgroup_get_from_id() function in kernel/cgroup/cgroup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Information disclosure
EUVDB-ID: #VU91361
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48639
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the net/sched/cls_api.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) NULL pointer dereference
EUVDB-ID: #VU91238
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48640
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bond_open() and bond_init() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU89996
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48642
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Improper locking
EUVDB-ID: #VU91452
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48644
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the taprio_enable_offload() and taprio_disable_offload() functions in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) NULL pointer dereference
EUVDB-ID: #VU90565
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efx_siena_hard_start_xmit() function in drivers/net/ethernet/sfc/siena/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU90564
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48647
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efx_probe_interrupts() function in drivers/net/ethernet/sfc/efx_channels.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) NULL pointer dereference
EUVDB-ID: #VU90566
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48648
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the efx_hard_start_xmit() function in drivers/net/ethernet/sfc/tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Memory leak
EUVDB-ID: #VU89997
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48650
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __qlt_24xx_handle_abts() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Out-of-bounds read
EUVDB-ID: #VU89680
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48651
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in drivers/net/ipvlan/ipvlan_core.c. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Race condition
EUVDB-ID: #VU93379
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48652
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the ice_set_dflt_vsi_ctx(), ice_vsi_setup_q_map(), ice_vsi_setup_q_map_mqprio() and ice_vsi_cfg_tc() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper locking
EUVDB-ID: #VU92032
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48653
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ice_schedule_reset() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Memory leak
EUVDB-ID: #VU91645
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48654
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the nf_osf_find() function in net/netfilter/nfnetlink_osf.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Out-of-bounds read
EUVDB-ID: #VU91400
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48655
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Information disclosure
EUVDB-ID: #VU91362
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48656
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the of_xudma_dev_get() function in drivers/dma/ti/k3-udma-private.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Buffer overflow
EUVDB-ID: #VU91438
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48657
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to memory corruption within the validate_cpu_freq_invariance_counters() function in arch/arm64/kernel/topology.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Resource management error
EUVDB-ID: #VU93199
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48658
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to resource management error within the stat(), flush_all_cpus_locked() and kmem_cache_init() functions in mm/slub.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Buffer overflow
EUVDB-ID: #VU93399
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48659
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the create_unique_id() and sysfs_slab_add() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Resource management error
EUVDB-ID: #VU93198
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48660
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the lineevent_create() function in drivers/gpio/gpiolib-cdev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Resource management error
EUVDB-ID: #VU93197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48662
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to resource management error within the i915_gem_context_release() and context_close() functions in drivers/gpu/drm/i915/gem/i915_gem_context.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) NULL pointer dereference
EUVDB-ID: #VU90567
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48663
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gpio_mockup_init() function in drivers/gpio/gpio-mockup.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Resource management error
EUVDB-ID: #VU93644
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48667
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the smb3_insert_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Resource management error
EUVDB-ID: #VU93645
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48668
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the smb3_collapse_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Improper locking
EUVDB-ID: #VU90763
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48671
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the cgroup_attach_task_all() function in kernel/cgroup/cgroup-v1.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Off-by-one
EUVDB-ID: #VU91174
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48672
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an off-by-one error within the unflatten_dt_nodes() function in drivers/of/fdt.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Improper locking
EUVDB-ID: #VU92028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48673
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_wr_rx_process_cqes(), smc_wr_free_link() and smc_wr_create_link() functions in net/smc/smc_wr.c, within the smcr_link_init() function in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Improper locking
EUVDB-ID: #VU90762
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48675
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mmput_async() function in kernel/fork.c, within the mutex_unlock() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU90175
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48686
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Out-of-bounds read
EUVDB-ID: #VU90314
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48687
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) NULL pointer dereference
EUVDB-ID: #VU90515
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_notify_client_of_netdev_close() and i40e_client_subtask() functions in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Memory leak
EUVDB-ID: #VU91642
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48690
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ice_qp_dis(), ice_xsk_pool_enable() and ice_xsk_pool_setup() functions in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_xdp_setup_prog() function in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_alloc_rx_buf_zc() and ice_vsi_cfg_rxq() functions in drivers/net/ethernet/intel/ice/ice_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU90516
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48692
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the srp_process_rsp() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Information disclosure
EUVDB-ID: #VU91352
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48693
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the brcmstb_pm_probe() function in drivers/soc/bcm/brcmstb/pm/pm-arm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Improper locking
EUVDB-ID: #VU93387
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48694
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the irdma_generate_flush_completions() function in drivers/infiniband/hw/irdma/utils.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Use-after-free
EUVDB-ID: #VU90171
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48695
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_next_fw_event() and _scsih_fw_event_cleanup_queue() functions in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Use-after-free
EUVDB-ID: #VU90172
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48697
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Memory leak
EUVDB-ID: #VU89989
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48698
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the crtc_debugfs_init() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Information disclosure
EUVDB-ID: #VU91350
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48699
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the update_sched_domain_debugfs() function in kernel/sched/debug.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Information disclosure
EUVDB-ID: #VU91351
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48700
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the vaddr_get_pfns() function in drivers/vfio/vfio_iommu_type1.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Out-of-bounds read
EUVDB-ID: #VU90313
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48701
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_parse_audio_interface() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Out-of-bounds read
EUVDB-ID: #VU90312
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48702
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_emu10k1_pcm_channel_alloc() function in sound/pci/emu10k1/emupcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) NULL pointer dereference
EUVDB-ID: #VU90514
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48703
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the int3400_setup_gddv(), int3400_thermal_probe() and int3400_thermal_remove() functions in drivers/thermal/intel/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Improper locking
EUVDB-ID: #VU91520
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48704
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the radeon_suspend_kms() function in drivers/gpu/drm/radeon/radeon_device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Out-of-bounds read
EUVDB-ID: #VU78675
Risk: Low
CVSSv3.1: 2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2860
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the SR-IPv6 implementation when processing seg6 attributes. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) NULL pointer dereference
EUVDB-ID: #VU91241
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52585
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_query_error_status_helper() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Improper locking
EUVDB-ID: #VU91540
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52589
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rkisp1_isp_stop() function in drivers/media/platform/rockchip/rkisp1/rkisp1-isp.c, within the rkisp1_csi_disable() function in drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Improper locking
EUVDB-ID: #VU91539
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52590
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_rename() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Improper locking
EUVDB-ID: #VU91538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) NULL pointer dereference
EUVDB-ID: #VU90629
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52593
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the wfx_upload_ap_templates() and wfx_start_ap() functions in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Buffer overflow
EUVDB-ID: #VU91315
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Improper Initialization
EUVDB-ID: #VU91556
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52616
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the mpi_ec_init() function in lib/mpi/ec.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Improper access control
EUVDB-ID: #VU89268
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52620
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Improper locking
EUVDB-ID: #VU92045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52635
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Race condition
EUVDB-ID: #VU91477
Risk: Low
CVSSv3.1: 4.1 [AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52645
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the scpsys_add_subdomain() and scpsys_remove_one_domain() functions in drivers/soc/mediatek/mtk-pm-domains.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) NULL pointer dereference
EUVDB-ID: #VU93858
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aio_ring_mremap() function in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Information disclosure
EUVDB-ID: #VU91353
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52652
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper locking
EUVDB-ID: #VU88894
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0639
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper locking within the sctp_auto_asconf_init() function in net/sctp/socket.c. A local user can crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) NULL pointer dereference
EUVDB-ID: #VU89389
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-0841
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hugetlbfs_fill_super() function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Processor optimization removal or modification of security-critical code
EUVDB-ID: #VU88374
Risk: Medium
CVSSv3.1: 7.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-2201
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) NULL pointer dereference
EUVDB-ID: #VU87192
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22099
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Use-after-free
EUVDB-ID: #VU91600
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23848
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Reachable Assertion
EUVDB-ID: #VU87594
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23850
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Improper locking
EUVDB-ID: #VU93770
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26601
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_generate_buddy() and mb_free_blocks() functions in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Buffer overflow
EUVDB-ID: #VU89679
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26610
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the iwl_dbg_tlv_override_trig_node() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Use-after-free
EUVDB-ID: #VU88145
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26656
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl
to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Buffer overflow
EUVDB-ID: #VU92977
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Input validation error
EUVDB-ID: #VU94118
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26673
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the nft_ct_expect_obj_init() function in net/netfilter/nft_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Input validation error
EUVDB-ID: #VU90858
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26675
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Improper locking
EUVDB-ID: #VU92044
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26679
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the EXPORT_SYMBOL() function in net/ipv4/af_inet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Improper locking
EUVDB-ID: #VU92043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26687
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the shutdown_pirq() and __unbind_from_irq() functions in drivers/xen/events/events_base.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) NULL pointer dereference
EUVDB-ID: #VU90603
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hugetlbfs_parse_param() function in fs/hugetlbfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) NULL pointer dereference
EUVDB-ID: #VU90605
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26700
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_atomic_check() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Out-of-bounds read
EUVDB-ID: #VU91100
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26702
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rm3100_common_probe() function in drivers/iio/magnetometer/rm3100-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Use-after-free
EUVDB-ID: #VU90214
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26739
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Resource management error
EUVDB-ID: #VU93844
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26764
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kiocb_set_cancel_fn() and aio_prep_rw() functions in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Off-by-one
EUVDB-ID: #VU89678
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26766
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an off-by-one error within the _pad_sdma_tx_descs() function in drivers/infiniband/hw/hfi1/sdma.c. A local user can trigger an off-by-one error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Improper locking
EUVDB-ID: #VU92041
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26772
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper locking
EUVDB-ID: #VU93787
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26773
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Resource management error
EUVDB-ID: #VU93473
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26783
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the numamigrate_isolate_page() function in mm/migrate.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Out-of-bounds read
EUVDB-ID: #VU91098
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26791
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the btrfs_check_replace_dev_names() and btrfs_dev_replace_by_ioctl() functions in fs/btrfs/dev-replace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Double free
EUVDB-ID: #VU90897
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26792
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the create_pending_snapshot() function in fs/btrfs/transaction.c, within the create_subvol() function in fs/btrfs/ioctl.c, within the btrfs_free_fs_info(), btrfs_init_fs_root(), btrfs_put_root() and btrfs_get_fs_root() functions in fs/btrfs/disk-io.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Memory leak
EUVDB-ID: #VU91650
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26816
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Integer overflow
EUVDB-ID: #VU88544
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26817
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Resource management error
EUVDB-ID: #VU93775
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26820
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netvsc_vf_handle_frame(), netvsc_vf_join(), netvsc_prepare_bonding(), netvsc_register_vf(), netvsc_unregister_vf(), netvsc_probe() and netvsc_netdev_event() functions in drivers/net/hyperv/netvsc_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) Memory leak
EUVDB-ID: #VU93765
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26825
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nci_free_device() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Input validation error
EUVDB-ID: #VU94135
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26830
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the i40e_check_vf_permission() and i40e_vc_del_mac_addr_msg() functions in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Memory leak
EUVDB-ID: #VU90004
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26833
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_sw_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Resource management error
EUVDB-ID: #VU93776
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26836
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the current_value_store() function in drivers/platform/x86/think-lmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Memory leak
EUVDB-ID: #VU90005
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Buffer overflow
EUVDB-ID: #VU93404
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26843
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the riscv_enable_runtime_services() function in drivers/firmware/efi/riscv-runtime.c, within the arm_enable_runtime_services() function in drivers/firmware/efi/arm-runtime.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Use-after-free
EUVDB-ID: #VU90194
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Buffer overflow
EUVDB-ID: #VU91201
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26853
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the igc_xdp_xmit() function in drivers/net/ethernet/intel/igc/igc_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) NULL pointer dereference
EUVDB-ID: #VU90576
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Use-after-free
EUVDB-ID: #VU91063
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26856
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sparx5_del_mact_entry() function in drivers/net/ethernet/microchip/sparx5/sparx5_mactable.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Use of uninitialized resource
EUVDB-ID: #VU90876
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26857
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Race condition within a thread
EUVDB-ID: #VU91433
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26861
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Race condition within a thread
EUVDB-ID: #VU91434
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26862
CWE-ID:
CWE-366 - Race Condition within a Thread
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Use-after-free
EUVDB-ID: #VU90196
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26866
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Use-after-free
EUVDB-ID: #VU90199
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26872
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Use-after-free
EUVDB-ID: #VU90193
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26875
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Improper Initialization
EUVDB-ID: #VU91552
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26876
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the adv7511_probe() function in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Resource management error
EUVDB-ID: #VU93200
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26877
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) NULL pointer dereference
EUVDB-ID: #VU90574
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) NULL pointer dereference
EUVDB-ID: #VU90572
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26879
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/clk/meson/axg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) NULL pointer dereference
EUVDB-ID: #VU90578
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26881
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Use of uninitialized resource
EUVDB-ID: #VU90878
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26882
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) Buffer overflow
EUVDB-ID: #VU91602
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26883
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Buffer overflow
EUVDB-ID: #VU91604
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Buffer overflow
EUVDB-ID: #VU89840
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26885
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Improper locking
EUVDB-ID: #VU91524
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26891
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) NULL pointer dereference
EUVDB-ID: #VU90577
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26893
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_chan_free() function in drivers/firmware/arm_scmi/smc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Use-after-free
EUVDB-ID: #VU90202
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26895
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Memory leak
EUVDB-ID: #VU89998
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26896
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wfx_set_mfp_ap() function in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) NULL pointer dereference
EUVDB-ID: #VU90580
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26897
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Information disclosure
EUVDB-ID: #VU91363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) NULL pointer dereference
EUVDB-ID: #VU92070
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Buffer overflow
EUVDB-ID: #VU91311
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26915
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the vega20_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega20_ih.c, within the vega10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/vega10_ih.c, within the tonga_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/tonga_ih.c, within the si_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/si_ih.c, within the navi10_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/navi10_ih.c, within the iceland_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/iceland_ih.c, within the cz_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cz_ih.c, within the cik_ih_get_wptr() function in drivers/gpu/drm/amd/amdgpu/cik_ih.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Improper locking
EUVDB-ID: #VU90778
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26917
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the fcoe_ctlr_announce(), fcoe_ctlr_els_send(), fcoe_ctlr_flogi_send_locked(), fcoe_ctlr_flogi_retry() and fcoe_ctlr_flogi_send() functions in drivers/scsi/fcoe/fcoe_ctlr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) Integer underflow
EUVDB-ID: #VU91671
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26927
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the sof_ipc3_fw_parse_ext_man() function in sound/soc/sof/ipc3-loader.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Improper locking
EUVDB-ID: #VU90777
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26933
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) Use-after-free
EUVDB-ID: #VU90181
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26939
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the active_to_vma() and i915_vma_pin_ww() functions in drivers/gpu/drm/i915/i915_vma.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) Input validation error
EUVDB-ID: #VU94134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_state_free() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) NULL pointer dereference
EUVDB-ID: #VU91460
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26950
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Use-after-free
EUVDB-ID: #VU90187
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26951
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wg_get_device_dump() function in drivers/net/wireguard/netlink.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Improper error handling
EUVDB-ID: #VU93652
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26955
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Buffer overflow
EUVDB-ID: #VU93155
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26956
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) Race condition
EUVDB-ID: #VU91475
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26960
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Out-of-bounds read
EUVDB-ID: #VU91393
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Out-of-bounds read
EUVDB-ID: #VU91394
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26966
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Out-of-bounds read
EUVDB-ID: #VU91397
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26969
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Out-of-bounds read
EUVDB-ID: #VU91398
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26970
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq6018.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) Memory leak
EUVDB-ID: #VU90465
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26972
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) NULL pointer dereference
EUVDB-ID: #VU90558
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26979
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vmw_resource_context_res_add(), vmw_cmd_dx_define_query(), vmw_cmd_dx_view_define(), vmw_cmd_dx_so_define(), vmw_cmd_dx_define_shader() and vmw_cmd_dx_define_streamoutput() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Out-of-bounds read
EUVDB-ID: #VU90318
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26981
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Input validation error
EUVDB-ID: #VU90857
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26982
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Information disclosure
EUVDB-ID: #VU91355
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Improper locking
EUVDB-ID: #VU91521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27013
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) Improper locking
EUVDB-ID: #VU90768
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Race condition
EUVDB-ID: #VU91473
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27030
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) NULL pointer dereference
EUVDB-ID: #VU91236
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27038
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Infinite loop
EUVDB-ID: #VU93067
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27039
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the hisi_clk_register_pll() function in drivers/clk/hisilicon/clk-hi3559a.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) NULL pointer dereference
EUVDB-ID: #VU92069
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27041
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Out-of-bounds read
EUVDB-ID: #VU90315
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27042
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_discovery_reg_base_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) NULL pointer dereference
EUVDB-ID: #VU90519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27046
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
187) Resource management error
EUVDB-ID: #VU92983
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27056
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_sta_ensure_queue() function in drivers/net/wireless/intel/iwlwifi/mvm/sta.c, within the __iwl_mvm_suspend() function in drivers/net/wireless/intel/iwlwifi/mvm/d3.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
188) Division by zero
EUVDB-ID: #VU91374
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27059
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the isd200_dump_driveid(), isd200_get_inquiry_data() and isd200_init_info() functions in drivers/usb/storage/isd200.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
189) Race condition
EUVDB-ID: #VU91471
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27062
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the nvkm_object_search() and nvkm_object_remove() functions in drivers/gpu/drm/nouveau/nvkm/core/object.c, within the nvkm_client_new() function in drivers/gpu/drm/nouveau/nvkm/core/client.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
190) Resource management error
EUVDB-ID: #VU91608
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27389
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsPublic Cloud Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
openSUSE Leap: 15.5
kernel-devel-azure: before 5.14.21-150500.33.51.1
kernel-source-azure: before 5.14.21-150500.33.51.1
kernel-azure-vdso: before 5.14.21-150500.33.51.1
kernel-azure-vdso-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure: before 5.14.21-150500.33.51.1
kernel-syms-azure: before 5.14.21-150500.33.51.1
kernel-azure-devel-debuginfo: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure: before 5.14.21-150500.33.51.1
kselftests-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-optional: before 5.14.21-150500.33.51.1
kernel-azure-optional-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-livepatch-devel: before 5.14.21-150500.33.51.1
dlm-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-devel: before 5.14.21-150500.33.51.1
kselftests-kmp-azure: before 5.14.21-150500.33.51.1
kernel-azure-debugsource: before 5.14.21-150500.33.51.1
dlm-kmp-azure: before 5.14.21-150500.33.51.1
gfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-debuginfo: before 5.14.21-150500.33.51.1
kernel-azure-extra-debuginfo: before 5.14.21-150500.33.51.1
reiserfs-kmp-azure: before 5.14.21-150500.33.51.1
ocfs2-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
cluster-md-kmp-azure-debuginfo: before 5.14.21-150500.33.51.1
CPE2.3- cpe:2.3:o:suse:public_cloud_module:15-SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP5:*:*:*:*:*:*:
- cpe:2.3:o:suse:opensuse_leap:15.5:*:*:*:*:*:*:
http://www.suse.com/support/update/announcement/2024/suse-su-20241644-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
