SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 144 |
| CVE-ID | CVE-2020-36780 CVE-2020-36781 CVE-2020-36782 CVE-2020-36783 CVE-2021-46908 CVE-2021-46909 CVE-2021-46911 CVE-2021-46914 CVE-2021-46917 CVE-2021-46918 CVE-2021-46919 CVE-2021-46920 CVE-2021-46921 CVE-2021-46922 CVE-2021-46930 CVE-2021-46931 CVE-2021-46933 CVE-2021-46938 CVE-2021-46939 CVE-2021-46943 CVE-2021-46944 CVE-2021-46950 CVE-2021-46951 CVE-2021-46956 CVE-2021-46958 CVE-2021-46959 CVE-2021-46960 CVE-2021-46961 CVE-2021-46962 CVE-2021-46963 CVE-2021-46971 CVE-2021-46976 CVE-2021-46980 CVE-2021-46981 CVE-2021-46983 CVE-2021-46984 CVE-2021-46988 CVE-2021-46990 CVE-2021-46991 CVE-2021-46992 CVE-2021-46998 CVE-2021-47000 CVE-2021-47001 CVE-2021-47003 CVE-2021-47006 CVE-2021-47009 CVE-2021-47014 CVE-2021-47015 CVE-2021-47017 CVE-2021-47020 CVE-2021-47026 CVE-2021-47034 CVE-2021-47035 CVE-2021-47038 CVE-2021-47044 CVE-2021-47045 CVE-2021-47046 CVE-2021-47049 CVE-2021-47051 CVE-2021-47055 CVE-2021-47056 CVE-2021-47058 CVE-2021-47063 CVE-2021-47065 CVE-2021-47068 CVE-2021-47070 CVE-2021-47071 CVE-2021-47073 CVE-2021-47077 CVE-2021-47082 CVE-2021-47087 CVE-2021-47095 CVE-2021-47097 CVE-2021-47100 CVE-2021-47101 CVE-2021-47109 CVE-2021-47110 CVE-2021-47112 CVE-2021-47114 CVE-2021-47117 CVE-2021-47118 CVE-2021-47119 CVE-2021-47120 CVE-2021-47130 CVE-2021-47136 CVE-2021-47137 CVE-2021-47138 CVE-2021-47139 CVE-2021-47141 CVE-2021-47142 CVE-2021-47144 CVE-2021-47150 CVE-2021-47153 CVE-2021-47160 CVE-2021-47161 CVE-2021-47164 CVE-2021-47165 CVE-2021-47166 CVE-2021-47167 CVE-2021-47168 CVE-2021-47169 CVE-2021-47170 CVE-2021-47171 CVE-2021-47172 CVE-2021-47173 CVE-2021-47174 CVE-2021-47175 CVE-2021-47176 CVE-2021-47177 CVE-2021-47179 CVE-2021-47180 CVE-2021-47181 CVE-2021-47183 CVE-2021-47185 CVE-2021-47189 CVE-2021-47202 CVE-2022-48626 CVE-2023-0160 CVE-2023-52454 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52492 CVE-2023-52500 CVE-2023-52508 CVE-2023-52509 CVE-2023-52572 CVE-2023-52583 CVE-2023-52590 CVE-2023-52591 CVE-2023-52607 CVE-2023-52628 CVE-2023-6270 CVE-2023-6531 CVE-2023-7042 CVE-2023-7192 CVE-2024-22099 CVE-2024-26600 CVE-2024-26614 CVE-2024-26642 CVE-2024-26704 CVE-2024-26733 |
| CWE-ID | CWE-401 CWE-200 CWE-269 CWE-754 CWE-667 CWE-399 CWE-119 CWE-20 CWE-416 CWE-121 CWE-415 CWE-388 CWE-191 CWE-362 CWE-125 CWE-476 CWE-617 CWE-193 CWE-908 CWE-763 CWE-665 CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SUSE Linux Enterprise Micro for Rancher Operating systems & Components / Operating system SUSE Linux Enterprise Micro Operating systems & Components / Operating system kernel-source-rt Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component kernel-rt Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 144 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU89266
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36780
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due reference leak when pm_runtime_get_sync fails within the sprd_i2c_master_xfer() and sprd_i2c_remove() function in drivers/i2c/busses/i2c-sprd.c. A local user can perform denial of service attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU91369
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36781
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the i2c_imx_xfer() and i2c_imx_remove() functions in drivers/i2c/busses/i2c-imx.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU91404
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36782
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the lpi2c_imx_master_enable() function in drivers/i2c/busses/i2c-imx-lpi2c.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU91405
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-36783
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the img_i2c_xfer() and img_i2c_init() functions in drivers/i2c/busses/i2c-img-scb.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper privilege management
EUVDB-ID: #VU93739
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46908
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly imposed permissions within the adjust_ptr_min_max_vals() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper check for unusual or exceptional conditions
EUVDB-ID: #VU92396
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46909
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the personal_server_map_irq() function in arch/arm/mach-footbridge/personal-pci.c, within the netwinder_map_irq() function in arch/arm/mach-footbridge/netwinder-pci.c, within the ebsa285_map_irq() function in arch/arm/mach-footbridge/ebsa285-pci.c, within the cats_no_swizzle() function in arch/arm/mach-footbridge/cats-pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU92052
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46911
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the chcr_ktls_xmit() function in drivers/net/ethernet/chelsio/inline_crypto/ch_ktls/chcr_ktls.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU93593
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46914
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ixgbe_resume() function in drivers/net/ethernet/intel/ixgbe/ixgbe_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU91663
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46917
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the disable_wq() function in drivers/dma/idxd/sysfs.c, within the idxd_wq_drain(), idxd_wq_unmap_portal(), idxd_wq_disable_cleanup() and idxd_wq_config_write() functions in drivers/dma/idxd/device.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper privilege management
EUVDB-ID: #VU93740
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46918
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly imposed permissions within the idxd_setup_interrupts() and idxd_shutdown() functions in drivers/dma/idxd/init.c, within the idxd_device_drain_pasid() function in drivers/dma/idxd/device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper privilege management
EUVDB-ID: #VU93741
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46919
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly imposed permissions within the wq_size_store() function in drivers/dma/idxd/sysfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU93627
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46920
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to manipulate data.
The vulnerability exists due to memory corruption within the process_misc_interrupts() function in drivers/dma/idxd/irq.c. A local user can manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Improper locking
EUVDB-ID: #VU88214
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46921
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to improper locking within the queued_write_lock_slowpath() function in kernel/locking/qrwlock.c. A local user can crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Input validation error
EUVDB-ID: #VU93696
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the tpm2_seal_trusted() function in security/keys/trusted-keys/trusted_tpm2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Use-after-free
EUVDB-ID: #VU90258
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46930
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mtu3_alloc_request() function in drivers/usb/mtu3/mtu3_gadget.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Stack-based buffer overflow
EUVDB-ID: #VU91303
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46931
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the mlx5e_tx_reporter_dump_sq() and mlx5e_reporter_tx_timeout() functions in drivers/net/ethernet/mellanox/mlx5/core/en/reporter_tx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU90259
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46933
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ffs_data_clear() and ffs_data_reset() functions in drivers/usb/gadget/function/f_fs.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Double free
EUVDB-ID: #VU90901
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46938
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the blk_mq_free_tag_set() and dm_mq_cleanup_mapped_device() functions in drivers/md/dm-rq.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper locking
EUVDB-ID: #VU90807
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46939
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the trace_clock_global() function in kernel/trace/trace_clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Improper error handling
EUVDB-ID: #VU90962
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46943
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper error handling within the imgu_fmt() function in drivers/staging/media/ipu3/ipu3-v4l2.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Memory leak
EUVDB-ID: #VU90042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46944
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the imgu_fmt() function in drivers/staging/media/ipu3/ipu3-v4l2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Resource management error
EUVDB-ID: #VU93648
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46950
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper management of internal resources within the raid1_end_write_request() function in drivers/md/raid1.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Integer underflow
EUVDB-ID: #VU91194
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46951
CWE-ID:
CWE-191 - Integer underflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to integer underflow within the tpm_read_log_efi() function in drivers/char/tpm/eventlog/efi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Memory leak
EUVDB-ID: #VU90043
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46956
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_fs_probe() function in fs/fuse/virtio_fs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free
EUVDB-ID: #VU90256
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_transaction() function in fs/btrfs/transaction.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free
EUVDB-ID: #VU90246
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46959
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the devm_spi_alloc_master(), devm_spi_register_master() and spi_unregister_master() functions in drivers/spi/spi.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Resource management error
EUVDB-ID: #VU93847
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46960
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smb2_get_enc_key() function in fs/cifs/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Improper error handling
EUVDB-ID: #VU92949
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46961
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the gic_handle_irq() function in drivers/irqchip/irq-gic-v3.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Improper error handling
EUVDB-ID: #VU90963
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46962
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the uniphier_sd_remove() function in drivers/mmc/host/uniphier-sd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Race condition
EUVDB-ID: #VU93384
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46963
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the qla2xxx_mqueuecommand() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Improper locking
EUVDB-ID: #VU92050
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46971
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the SYSCALL_DEFINE5() function in kernel/events/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Resource management error
EUVDB-ID: #VU93301
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46976
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the auto_active() function in drivers/gpu/drm/i915/i915_active.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU90356
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46980
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ucsi_unregister_altmodes(), ucsi_get_pdos() and ucsi_pwr_opmode_change() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) NULL pointer dereference
EUVDB-ID: #VU90641
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46981
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) NULL pointer dereference
EUVDB-ID: #VU90643
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46983
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvmet_rdma_send_done() and nvmet_rdma_write_data_done() functions in drivers/nvme/target/rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Out-of-bounds read
EUVDB-ID: #VU90355
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46984
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dd_request_merge() function in block/mq-deadline.c, within the kyber_limit_depth() function in block/kyber-iosched.c, within the __blk_mq_sched_bio_merge() function in block/blk-mq-sched.c, within the bfq_remove_request() function in block/bfq-iosched.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Reachable assertion
EUVDB-ID: #VU90916
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46988
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the shmem_mfill_atomic_pte() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Input validation error
EUVDB-ID: #VU88890
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in arch/powerpc/lib/feature-fixups.c. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Use-after-free
EUVDB-ID: #VU90251
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46991
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the i40e_client_subtask() function in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Out-of-bounds read
EUVDB-ID: #VU90354
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46992
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nft_rhash_destroy() function in net/netfilter/nft_set_hash.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Use-after-free
EUVDB-ID: #VU91070
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the enic_queue_wq_skb_encap(), enic_queue_wq_skb() and enic_hard_start_xmit() functions in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Information disclosure
EUVDB-ID: #VU91406
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47000
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the __fh_to_dentry() function in fs/ceph/export.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Input validation error
EUVDB-ID: #VU94145
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47001
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the rpcrdma_xprt_connect() and rpcrdma_post_sends() functions in net/sunrpc/xprtrdma/verbs.c, within the rpcrdma_reply_handler() function in net/sunrpc/xprtrdma/rpc_rdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) NULL pointer dereference
EUVDB-ID: #VU90645
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47003
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the idxd_cmd_exec() function in drivers/dma/idxd/device.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Buffer overflow
EUVDB-ID: #VU93626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47006
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the breakpoint_handler() function in arch/arm/kernel/hw_breakpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Memory leak
EUVDB-ID: #VU90034
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47009
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpm_seal() function in security/keys/trusted-keys/trusted_tpm1.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Resource management error
EUVDB-ID: #VU93211
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47014
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tcf_ct_handle_fragments(), tcf_ct_act() and skb_push_rcsum() functions in net/sched/act_ct.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper error handling
EUVDB-ID: #VU92947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47015
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Use-after-free
EUVDB-ID: #VU91067
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47017
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath10k_htc_send_bundle() function in drivers/net/wireless/ath/ath10k/htc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Memory leak
EUVDB-ID: #VU90029
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47020
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the sdw_stream_add_slave() function in drivers/soundwire/stream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Use-after-free
EUVDB-ID: #VU90254
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47026
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtrs_clt_remove_path_from_sysfs() function in drivers/infiniband/ulp/rtrs/rtrs-clt.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Resource management error
EUVDB-ID: #VU93209
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47034
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the early_map_kernel_page() and __map_kernel_page() functions in arch/powerpc/mm/pgtable-radix.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Improper privilege management
EUVDB-ID: #VU93738
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47035
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local user to read and manipulate data.
The vulnerability exists due to improperly imposed permissions within the __domain_mapping() function in drivers/iommu/intel/iommu.c. A local user can read and manipulate data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Improper locking
EUVDB-ID: #VU90806
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47038
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hci_conn_get_phy() function in net/bluetooth/hci_conn.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Out-of-bounds read
EUVDB-ID: #VU90353
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47044
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the detach_tasks() function in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) NULL pointer dereference
EUVDB-ID: #VU90648
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47045
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_issue_els_plogi() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) Off-by-one
EUVDB-ID: #VU91176
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47046
CWE-ID:
CWE-193 - Off-by-one Error
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Improper error handling
EUVDB-ID: #VU90960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47049
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __vmbus_open() function in drivers/hv/channel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Information disclosure
EUVDB-ID: #VU91407
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47051
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the lpspi_prepare_xfer_hardware() function in drivers/spi/spi-fsl-lpspi.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Improper locking
EUVDB-ID: #VU91543
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47055
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtdchar_ioctl() function in drivers/mtd/mtdchar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) Use of uninitialized resource
EUVDB-ID: #VU93084
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47056
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the adf_probe() function in drivers/crypto/qat/qat_dh895xccvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c62xvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c3xxxvf/adf_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Memory leak
EUVDB-ID: #VU90031
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47058
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the regmap_debugfs_exit() function in drivers/base/regmap/regmap-debugfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) Use-after-free
EUVDB-ID: #VU90243
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47063
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panel_bridge_attach() function in drivers/gpu/drm/bridge/panel.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Out-of-bounds read
EUVDB-ID: #VU90352
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47065
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rtw_phy_load_tables(), rtw_get_channel_group() and rtw_get_tx_power_params() functions in drivers/net/wireless/realtek/rtw88/phy.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) Use-after-free
EUVDB-ID: #VU90245
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47068
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the llcp_sock_bind() and llcp_sock_connect() functions in net/nfc/llcp_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) Memory leak
EUVDB-ID: #VU90028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Memory leak
EUVDB-ID: #VU90025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47071
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Input validation error
EUVDB-ID: #VU93694
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47073
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_dell_smbios_wmi() function in drivers/platform/x86/dell-smbios-wmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) NULL pointer dereference
EUVDB-ID: #VU90638
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47077
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qedf_update_link_speed() function in drivers/scsi/qedf/qedf_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Double Free
EUVDB-ID: #VU89391
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47082
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in drivers/net/tun.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) Release of invalid pointer or reference
EUVDB-ID: #VU93003
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47087
CWE-ID:
CWE-763 - Release of invalid pointer or reference
Exploit availability: No
DescriptionThe vulnerability allows a local user to modify data on the system.
The vulnerability exists due to performance of perform __free_pages(page, order) using this pointer as we would free any arbitrary pages. A local user can modify data on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) NULL pointer dereference
EUVDB-ID: #VU90633
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47095
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ssif_probe() function in drivers/char/ipmi/ipmi_ssif.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Out-of-bounds read
EUVDB-ID: #VU90344
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47097
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the elantech_change_report_id() function in drivers/input/mouse/elantech.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Use-after-free
EUVDB-ID: #VU90233
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47100
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bmc_device() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) Use of uninitialized resource
EUVDB-ID: #VU90882
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47101
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) Resource management error
EUVDB-ID: #VU93625
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47109
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the system when handling NUD_NOARP entries for IPv6. A remote attacker can fill up the neighbour table with enough entries that it will overflow for valid connections after that.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Buffer overflow
EUVDB-ID: #VU91208
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47110
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvm_crash_shutdown() and kvmclock_init() functions in arch/x86/kernel/kvmclock.c, within the kvm_guest_cpu_offline() function in arch/x86/kernel/kvm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) Buffer overflow
EUVDB-ID: #VU89259
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47112
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Teardown PV features implementation in arch/x86/kernel/kvm.c. A local user can trigger memory corruption and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Buffer overflow
EUVDB-ID: #VU89257
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47114
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/ocfs2/file.c. A local user can trigger memory corruption and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
80) Buffer overflow
EUVDB-ID: #VU93162
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47117
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ext4_split_extent_at() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Use-after-free
EUVDB-ID: #VU90225
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47118
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kernel_init_freeable() function in init/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Memory leak
EUVDB-ID: #VU90018
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47119
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_fill_super() and kfree() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Input validation error
EUVDB-ID: #VU90860
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the magicmouse_probe() function in drivers/hid/hid-magicmouse.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Race condition
EUVDB-ID: #VU93382
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47130
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the nvmet_data_transfer_len(), nvmet_req_find_p2p_dev() and nvmet_req_free_sgls() functions in drivers/nvme/target/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Use of uninitialized resource
EUVDB-ID: #VU91680
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47136
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the tcf_classify_ingress() function in net/sched/cls_api.c, within the mlx5e_tc_update_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c, within the mlx5e_rep_tc_update_skb() function in drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Buffer overflow
EUVDB-ID: #VU91206
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47137
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the xrx200_close(), xrx200_alloc_skb() and xrx200_hw_receive() functions in drivers/net/ethernet/lantiq_xrx200.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Out-of-bounds read
EUVDB-ID: #VU91402
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47138
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the clear_all_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) Improper Initialization
EUVDB-ID: #VU91555
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47139
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hns3_client_init() function in drivers/net/ethernet/hisilicon/hns3/hns3_enet.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) NULL pointer dereference
EUVDB-ID: #VU90619
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47141
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_free_notify_blocks() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Use-after-free
EUVDB-ID: #VU90222
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47142
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_ttm_tt_unpopulate() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Memory leak
EUVDB-ID: #VU91652
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47144
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amdgpu_fbdev_destroy() function in drivers/gpu/drm/amd/amdgpu/amdgpu_fb.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) Memory leak
EUVDB-ID: #VU90014
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47150
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fec_enet_init() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Improper error handling
EUVDB-ID: #VU92059
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47153
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the i801_check_post() function in drivers/i2c/busses/i2c-i801.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) Memory leak
EUVDB-ID: #VU91651
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47160
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mt7530_port_set_vlan_aware() function in drivers/net/dsa/mt7530.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper error handling
EUVDB-ID: #VU90953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47161
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dspi_probe() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Null pointer dereference
EUVDB-ID: #VU92393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47164
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to null pointer dereference error within the mlx5e_rep_changelowerstate_event() function in drivers/net/ethernet/mellanox/mlx5/core/en/rep/bond.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) NULL pointer dereference
EUVDB-ID: #VU90615
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47165
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the meson_probe_remote() function in drivers/gpu/drm/meson/meson_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Buffer overflow
EUVDB-ID: #VU93159
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47166
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfs_pageio_doio() and nfs_do_recoalesce() functions in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Input validation error
EUVDB-ID: #VU93691
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47167
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_pageio_do_add_request() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Buffer overflow
EUVDB-ID: #VU91205
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47168
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the filelayout_decode_layout() function in fs/nfs/filelayout/filelayout.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) NULL pointer dereference
EUVDB-ID: #VU90616
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47169
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the RP_ID(), rp2_remove_ports(), rp2_fw_cb(), rp2_probe() and rp2_remove() functions in drivers/tty/serial/rp2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Buffer overflow
EUVDB-ID: #VU93401
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47170
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the proc_bulk() and proc_do_submiturb() functions in drivers/usb/core/devio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Memory leak
EUVDB-ID: #VU90011
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Buffer overflow
EUVDB-ID: #VU93405
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47172
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ad7124_of_parse_channel_config() function in drivers/iio/adc/ad7124.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Memory leak
EUVDB-ID: #VU90013
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47173
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uss720_probe() function in drivers/usb/misc/uss720.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Resource management error
EUVDB-ID: #VU93207
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47174
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nft_pipapo_avx2_lookup() function in net/netfilter/nft_set_pipapo_avx2.c, within the pipapo_refill() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Out-of-bounds read
EUVDB-ID: #VU90338
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47175
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the fq_pie_qdisc_enqueue() function in net/sched/sch_fq_pie.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Input validation error
EUVDB-ID: #VU93690
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47176
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dasd_fba_setup_blk_queue() function in drivers/s390/block/dasd_fba.c, within the dasd_diag_setup_blk_queue() function in drivers/s390/block/dasd_diag.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Information disclosure
EUVDB-ID: #VU91366
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47177
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the alloc_iommu() function in drivers/iommu/dmar.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) NULL pointer dereference
EUVDB-ID: #VU90617
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47179
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the _pnfs_return_layout() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Memory leak
EUVDB-ID: #VU90012
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47180
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL() function in net/nfc/nci/core.c, within the nci_core_conn_create() and nci_hci_allocate() functions in include/net/nfc/nci_core.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) NULL pointer dereference
EUVDB-ID: #VU92071
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47181
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) NULL pointer dereference
EUVDB-ID: #VU90586
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47183
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli_issue_abort_iotag() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Improper locking
EUVDB-ID: #VU91528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47185
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Race condition
EUVDB-ID: #VU93380
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47189
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the run_ordered_work() and normal_work_helper() functions in fs/btrfs/async-thread.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) NULL pointer dereference
EUVDB-ID: #VU90582
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47202
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend() and of_thermal_set_trip_temp() functions in drivers/thermal/of-thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) Use-after-free
EUVDB-ID: #VU90261
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48626
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the moxart_remove() function in drivers/mmc/host/moxart-mmc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) Improper locking
EUVDB-ID: #VU90810
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0160
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) NULL pointer dereference
EUVDB-ID: #VU89244
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52454
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Use-after-free
EUVDB-ID: #VU89235
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) NULL pointer dereference
EUVDB-ID: #VU92074
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) Improper locking
EUVDB-ID: #VU92053
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52474
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the build_vnic_ulp_payload() function in drivers/infiniband/hw/hfi1/vnic_sdma.c, within the build_verbs_tx_desc() function in drivers/infiniband/hw/hfi1/verbs.c, within the user_sdma_send_pkts(), add_system_pages_to_sdma_packet(), hfi1_user_sdma_process_request(), user_sdma_txadd_ahg(), sdma_cache_evict(), user_sdma_txreq_cb(), pq_update(), user_sdma_free_request(), set_comp_state() and sdma_rb_remove() functions in drivers/infiniband/hw/hfi1/user_sdma.c, within the sdma_unmap_desc(), ext_coal_sdma_tx_descs() and _pad_sdma_tx_descs() functions in drivers/infiniband/hw/hfi1/sdma.c, within the hfi1_mmu_rb_insert(), hfi1_mmu_rb_get_first(), __mmu_rb_search() and hfi1_mmu_rb_evict() functions in drivers/infiniband/hw/hfi1/mmu_rb.c, within the hfi1_ipoib_build_ulp_payload() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) Out-of-bounds read
EUVDB-ID: #VU88821
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52476
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the branch_type() and get_branch_type() functions in arch/x86/events/utils.c. A local user can trigger an out-of-bounds read error and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) Use of uninitialized resource
EUVDB-ID: #VU89393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) NULL pointer dereference
EUVDB-ID: #VU90626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52492
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the EXPORT_SYMBOL_GPL() function in drivers/dma/dmaengine.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Memory leak
EUVDB-ID: #VU91657
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52500
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mpi_set_controller_config_resp() function in drivers/scsi/pm8001/pm80xx_hwi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) NULL pointer dereference
EUVDB-ID: #VU90634
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52508
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nvme_fc_io_getuuid() function in drivers/nvme/host/fc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) Use-after-free
EUVDB-ID: #VU89255
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52509
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user can escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_close() function in drivers/net/ethernet/renesas/ravb_main.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Use-after-free
EUVDB-ID: #VU90239
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52572
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_wake_up_task(), __release_mid(), wait_for_response(), cifs_sync_mid_result(), cifs_compound_callback(), compound_send_recv(), SendReceive() and SendReceiveBlockingLock() functions in fs/smb/client/transport.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Improper locking
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Improper locking
EUVDB-ID: #VU91539
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52590
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_rename() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Improper locking
EUVDB-ID: #VU91538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) NULL pointer dereference
EUVDB-ID: #VU90841
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Stack-based buffer overflow
EUVDB-ID: #VU87901
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52628
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_exthdr_sctp_eval(), nft_exthdr_tcp_eval(), and nft_exthdr_ipv6_eval() functions. A local user can pass specially crafted data to the system, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Race condition
EUVDB-ID: #VU85022
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6531
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition when the unix garbage collector's deletion of a SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. A local user can exploit the race and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) NULL pointer dereference
EUVDB-ID: #VU85422
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7042
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Memory leak
EUVDB-ID: #VU86248
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7192
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the ctnetlink_create_conntrack() function in net/netfilter/nf_conntrack_netlink.c. A local user with CAP_NET_ADMIN privileges can perform denial of service attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) NULL pointer dereference
EUVDB-ID: #VU87192
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22099
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) NULL pointer dereference
EUVDB-ID: #VU89249
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26600
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/phy/ti/phy-omap-usb2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Resource management error
EUVDB-ID: #VU91320
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26614
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) Double free
EUVDB-ID: #VU90929
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.1 - 5.2
kernel-source-rt: before 5.3.18-150300.166.1
kernel-rt-debuginfo: before 5.3.18-150300.166.1
kernel-rt-debugsource: before 5.3.18-150300.166.1
kernel-rt: before 5.3.18-150300.166.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241465-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
