SUSE update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 186 |
| CVE-ID | CVE-2019-25160 CVE-2021-46904 CVE-2021-46905 CVE-2021-46909 CVE-2021-46938 CVE-2021-46939 CVE-2021-46941 CVE-2021-46950 CVE-2021-46958 CVE-2021-46960 CVE-2021-46963 CVE-2021-46964 CVE-2021-46966 CVE-2021-46981 CVE-2021-46988 CVE-2021-46990 CVE-2021-46998 CVE-2021-47006 CVE-2021-47015 CVE-2021-47024 CVE-2021-47034 CVE-2021-47045 CVE-2021-47049 CVE-2021-47055 CVE-2021-47056 CVE-2021-47060 CVE-2021-47061 CVE-2021-47063 CVE-2021-47068 CVE-2021-47070 CVE-2021-47071 CVE-2021-47073 CVE-2021-47100 CVE-2021-47101 CVE-2021-47104 CVE-2021-47110 CVE-2021-47112 CVE-2021-47114 CVE-2021-47117 CVE-2021-47118 CVE-2021-47119 CVE-2021-47138 CVE-2021-47141 CVE-2021-47142 CVE-2021-47143 CVE-2021-47146 CVE-2021-47149 CVE-2021-47150 CVE-2021-47153 CVE-2021-47159 CVE-2021-47161 CVE-2021-47162 CVE-2021-47165 CVE-2021-47166 CVE-2021-47167 CVE-2021-47168 CVE-2021-47169 CVE-2021-47171 CVE-2021-47173 CVE-2021-47177 CVE-2021-47179 CVE-2021-47180 CVE-2021-47181 CVE-2021-47182 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47188 CVE-2021-47189 CVE-2021-47198 CVE-2021-47202 CVE-2021-47203 CVE-2021-47204 CVE-2021-47205 CVE-2021-47207 CVE-2021-47211 CVE-2021-47216 CVE-2021-47217 CVE-2022-0487 CVE-2022-48619 CVE-2022-48626 CVE-2022-48636 CVE-2022-48650 CVE-2022-48651 CVE-2022-48667 CVE-2022-48668 CVE-2022-48687 CVE-2022-48688 CVE-2022-48695 CVE-2022-48701 CVE-2023-0160 CVE-2023-52454 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52476 CVE-2023-52477 CVE-2023-52486 CVE-2023-52488 CVE-2023-52509 CVE-2023-52515 CVE-2023-52524 CVE-2023-52528 CVE-2023-52583 CVE-2023-52587 CVE-2023-52590 CVE-2023-52591 CVE-2023-52595 CVE-2023-52598 CVE-2023-52607 CVE-2023-52614 CVE-2023-52620 CVE-2023-52628 CVE-2023-52635 CVE-2023-52639 CVE-2023-52644 CVE-2023-52646 CVE-2023-52650 CVE-2023-52652 CVE-2023-52653 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-7042 CVE-2023-7192 CVE-2024-2201 CVE-2024-22099 CVE-2024-23307 CVE-2024-23848 CVE-2024-24855 CVE-2024-24861 CVE-2024-26614 CVE-2024-26642 CVE-2024-26651 CVE-2024-26671 CVE-2024-26675 CVE-2024-26689 CVE-2024-26704 CVE-2024-26733 CVE-2024-26739 CVE-2024-26743 CVE-2024-26744 CVE-2024-26747 CVE-2024-26754 CVE-2024-26763 CVE-2024-26771 CVE-2024-26772 CVE-2024-26773 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26793 CVE-2024-26805 CVE-2024-26816 CVE-2024-26817 CVE-2024-26839 CVE-2024-26840 CVE-2024-26852 CVE-2024-26855 CVE-2024-26857 CVE-2024-26859 CVE-2024-26878 CVE-2024-26883 CVE-2024-26884 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26907 CVE-2024-26922 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26948 CVE-2024-26993 CVE-2024-27013 CVE-2024-27014 CVE-2024-27043 CVE-2024-27046 CVE-2024-27054 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27078 CVE-2024-27388 |
| CWE-ID | CWE-125 CWE-476 CWE-754 CWE-415 CWE-667 CWE-399 CWE-416 CWE-362 CWE-617 CWE-20 CWE-119 CWE-388 CWE-401 CWE-908 CWE-835 CWE-200 CWE-284 CWE-121 CWE-1037 CWE-190 CWE-252 CWE-369 CWE-682 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #79 is available. |
| Vulnerable software Subscribe |
SUSE Linux Enterprise Real Time 12 Operating systems & Components / Operating system SUSE Linux Enterprise Server 12 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 12 Operating systems & Components / Operating system kernel-rt Operating systems & Components / Operating system package or component kernel-rt_debug Operating systems & Components / Operating system package or component kernel-source-rt Operating systems & Components / Operating system package or component kernel-devel-rt Operating systems & Components / Operating system package or component kernel-rt_debug-devel Operating systems & Components / Operating system package or component kernel-rt_debug-devel-debuginfo Operating systems & Components / Operating system package or component ocfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt-debugsource Operating systems & Components / Operating system package or component cluster-md-kmp-rt Operating systems & Components / Operating system package or component gfs2-kmp-rt Operating systems & Components / Operating system package or component kernel-rt-devel Operating systems & Components / Operating system package or component cluster-md-kmp-rt-debuginfo Operating systems & Components / Operating system package or component kernel-rt_debug-debuginfo Operating systems & Components / Operating system package or component dlm-kmp-rt Operating systems & Components / Operating system package or component ocfs2-kmp-rt Operating systems & Components / Operating system package or component kernel-rt_debug-debugsource Operating systems & Components / Operating system package or component kernel-syms-rt Operating systems & Components / Operating system package or component kernel-rt-devel-debuginfo Operating systems & Components / Operating system package or component kernel-rt-base-debuginfo Operating systems & Components / Operating system package or component kernel-rt-base Operating systems & Components / Operating system package or component gfs2-kmp-rt-debuginfo Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 186 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU90360
Risk: Low
CVSSv3.1: 6.2 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-25160
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to read data or crash the application.
The vulnerability exists due to an out-of-bounds read error within the cipso_v4_bitmap_walk() and cipso_v4_map_lvl_valid() functions in net/ipv4/cipso_ipv4.c. A local user can read data or crash the application.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer dereference
EUVDB-ID: #VU87990
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46904
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error during tty device unregistration
within the get_free_serial_index() function in drivers/net/usb/hso.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU87991
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46905
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error on disconnect regression within the hso_serial_tty_unregister() functin in drivers/net/usb/hso.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper check for unusual or exceptional conditions
EUVDB-ID: #VU92396
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46909
CWE-ID:
CWE-754 - Improper Check for Unusual or Exceptional Conditions
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the personal_server_map_irq() function in arch/arm/mach-footbridge/personal-pci.c, within the netwinder_map_irq() function in arch/arm/mach-footbridge/netwinder-pci.c, within the ebsa285_map_irq() function in arch/arm/mach-footbridge/ebsa285-pci.c, within the cats_no_swizzle() function in arch/arm/mach-footbridge/cats-pci.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Double free
EUVDB-ID: #VU90901
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46938
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the blk_mq_free_tag_set() and dm_mq_cleanup_mapped_device() functions in drivers/md/dm-rq.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper locking
EUVDB-ID: #VU90807
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46939
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the trace_clock_global() function in kernel/trace/trace_clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU91545
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46941
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dwc3_set_prtcap(), __dwc3_set_mode() and dwc3_probe() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource management error
EUVDB-ID: #VU93648
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46950
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper management of internal resources within the raid1_end_write_request() function in drivers/md/raid1.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Use-after-free
EUVDB-ID: #VU90256
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46958
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_transaction() function in fs/btrfs/transaction.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Resource management error
EUVDB-ID: #VU93847
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46960
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smb2_get_enc_key() function in fs/cifs/smb2ops.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Race condition
EUVDB-ID: #VU93384
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46963
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the qla2xxx_mqueuecommand() function in drivers/scsi/qla2xxx/qla_os.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) NULL pointer dereference
EUVDB-ID: #VU90651
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46964
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qla24xx_enable_msix() function in drivers/scsi/qla2xxx/qla_isr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU88893
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46966
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cm_write() function in drivers/acpi/custom_method.c. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) NULL pointer dereference
EUVDB-ID: #VU90641
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46981
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nbd_disconnect_and_put() function in drivers/block/nbd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Reachable assertion
EUVDB-ID: #VU90916
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46988
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the shmem_mfill_atomic_pte() function in mm/shmem.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Input validation error
EUVDB-ID: #VU88890
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46990
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in arch/powerpc/lib/feature-fixups.c. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free
EUVDB-ID: #VU91070
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-46998
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the enic_queue_wq_skb_encap(), enic_queue_wq_skb() and enic_hard_start_xmit() functions in drivers/net/ethernet/cisco/enic/enic_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU93626
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47006
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the breakpoint_handler() function in arch/arm/kernel/hw_breakpoint.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper error handling
EUVDB-ID: #VU92947
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47015
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bnxt_rx_pkt() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Memory leak
EUVDB-ID: #VU90033
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47024
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the virtio_transport_reset_no_sock(), virtio_transport_do_close() and virtio_transport_close() functions in net/vmw_vsock/virtio_transport_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Resource management error
EUVDB-ID: #VU93209
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47034
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the early_map_kernel_page() and __map_kernel_page() functions in arch/powerpc/mm/pgtable-radix.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) NULL pointer dereference
EUVDB-ID: #VU90648
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47045
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_issue_els_plogi() function in drivers/scsi/lpfc/lpfc_els.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper error handling
EUVDB-ID: #VU90960
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47049
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the __vmbus_open() function in drivers/hv/channel.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Improper locking
EUVDB-ID: #VU91543
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47055
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtdchar_ioctl() function in drivers/mtd/mtdchar.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use of uninitialized resource
EUVDB-ID: #VU93084
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47056
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the adf_probe() function in drivers/crypto/qat/qat_dh895xccvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c62xvf/adf_drv.c, within the adf_probe() function in drivers/crypto/qat/qat_c3xxxvf/adf_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) NULL pointer dereference
EUVDB-ID: #VU92997
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47060
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to execute arbitrary code on the target system.
The vulnerability exists due to a NULL pointer dereference error. A local privileged user can pass specially crafted data to the application and execute arbitrary code on the target system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Use-after-free
EUVDB-ID: #VU90244
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47061
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kvm_io_bus_unregister_dev() function in virt/kvm/kvm_main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Use-after-free
EUVDB-ID: #VU90243
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47063
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the panel_bridge_attach() function in drivers/gpu/drm/bridge/panel.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free
EUVDB-ID: #VU90245
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47068
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the llcp_sock_bind() and llcp_sock_connect() functions in net/nfc/llcp_sock.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Memory leak
EUVDB-ID: #VU90028
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47070
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Memory leak
EUVDB-ID: #VU90025
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47071
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hv_uio_probe() function in drivers/uio/uio_hv_generic.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Input validation error
EUVDB-ID: #VU93694
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47073
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the init_dell_smbios_wmi() function in drivers/platform/x86/dell-smbios-wmi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Use-after-free
EUVDB-ID: #VU90233
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47100
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the cleanup_bmc_device() function in drivers/char/ipmi/ipmi_msghandler.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Use of uninitialized resource
EUVDB-ID: #VU90882
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47101
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the asix_check_host_enable() function in drivers/net/usb/asix_common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Memory leak
EUVDB-ID: #VU90019
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47104
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the qib_user_sdma_queue_pkts() function in drivers/infiniband/hw/qib/qib_user_sdma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Buffer overflow
EUVDB-ID: #VU91208
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47110
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the kvm_crash_shutdown() and kvmclock_init() functions in arch/x86/kernel/kvmclock.c, within the kvm_guest_cpu_offline() function in arch/x86/kernel/kvm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Buffer overflow
EUVDB-ID: #VU89259
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47112
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Teardown PV features implementation in arch/x86/kernel/kvm.c. A local user can trigger memory corruption and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Buffer overflow
EUVDB-ID: #VU89257
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47114
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in fs/ocfs2/file.c. A local user can trigger memory corruption and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Buffer overflow
EUVDB-ID: #VU93162
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47117
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ext4_split_extent_at() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Use-after-free
EUVDB-ID: #VU90225
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47118
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kernel_init_freeable() function in init/main.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Memory leak
EUVDB-ID: #VU90018
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47119
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ext4_fill_super() and kfree() functions in fs/ext4/super.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU91402
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47138
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the clear_all_filters() function in drivers/net/ethernet/chelsio/cxgb4/cxgb4_filter.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) NULL pointer dereference
EUVDB-ID: #VU90619
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47141
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the gve_free_notify_blocks() function in drivers/net/ethernet/google/gve/gve_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Use-after-free
EUVDB-ID: #VU90222
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47142
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the amdgpu_ttm_tt_unpopulate() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Improper error handling
EUVDB-ID: #VU90956
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47143
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the EXPORT_SYMBOL_GPL() and smcd_register_dev() functions in net/smc/smc_ism.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Improper locking
EUVDB-ID: #VU92048
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47146
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mld_newpack() function in net/ipv6/mcast.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) NULL pointer dereference
EUVDB-ID: #VU90620
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47149
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the fmvj18x_get_hwinfo() function in drivers/net/ethernet/fujitsu/fmvj18x_cs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Memory leak
EUVDB-ID: #VU90014
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47150
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the fec_enet_init() function in drivers/net/ethernet/freescale/fec_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Improper error handling
EUVDB-ID: #VU92059
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47153
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the i801_check_post() function in drivers/i2c/busses/i2c-i801.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Infinite loop
EUVDB-ID: #VU93069
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47159
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the dsa_master_get_strings() function in net/dsa/master.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Improper error handling
EUVDB-ID: #VU90953
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47161
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the dspi_probe() function in drivers/spi/spi-fsl-dspi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Use-after-free
EUVDB-ID: #VU91064
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47162
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) NULL pointer dereference
EUVDB-ID: #VU90615
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47165
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the meson_probe_remote() function in drivers/gpu/drm/meson/meson_drv.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Buffer overflow
EUVDB-ID: #VU93159
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47166
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nfs_pageio_doio() and nfs_do_recoalesce() functions in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Input validation error
EUVDB-ID: #VU93691
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47167
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nfs_pageio_do_add_request() function in fs/nfs/pagelist.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
56) Buffer overflow
EUVDB-ID: #VU91205
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47168
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the filelayout_decode_layout() function in fs/nfs/filelayout/filelayout.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
57) NULL pointer dereference
EUVDB-ID: #VU90616
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47169
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the RP_ID(), rp2_remove_ports(), rp2_fw_cb(), rp2_probe() and rp2_remove() functions in drivers/tty/serial/rp2.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
58) Memory leak
EUVDB-ID: #VU90011
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47171
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the smsc75xx_bind() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
59) Memory leak
EUVDB-ID: #VU90013
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47173
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the uss720_probe() function in drivers/usb/misc/uss720.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
60) Information disclosure
EUVDB-ID: #VU91366
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47177
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the alloc_iommu() function in drivers/iommu/dmar.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
61) NULL pointer dereference
EUVDB-ID: #VU90617
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47179
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the _pnfs_return_layout() function in fs/nfs/pnfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
62) Memory leak
EUVDB-ID: #VU90012
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47180
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the EXPORT_SYMBOL() function in net/nfc/nci/core.c, within the nci_core_conn_create() and nci_hci_allocate() functions in include/net/nfc/nci_core.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
63) NULL pointer dereference
EUVDB-ID: #VU92071
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47181
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
64) Buffer overflow
EUVDB-ID: #VU89395
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47182
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the scsi_mode_sense() function in drivers/scsi/scsi_lib.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
65) NULL pointer dereference
EUVDB-ID: #VU90586
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47183
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lpfc_sli_issue_abort_iotag() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
66) NULL pointer dereference
EUVDB-ID: #VU90587
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47184
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_sync_filters_subtask() and i40e_vsi_release() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
67) Improper locking
EUVDB-ID: #VU91528
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47185
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
68) Resource management error
EUVDB-ID: #VU93843
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47188
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
69) Race condition
EUVDB-ID: #VU93380
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47189
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within the run_ordered_work() and normal_work_helper() functions in fs/btrfs/async-thread.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
70) Use-after-free
EUVDB-ID: #VU90208
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47198
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the lpfc_mbx_cmpl_fc_reg_login() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
71) NULL pointer dereference
EUVDB-ID: #VU90582
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47202
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend() and of_thermal_set_trip_temp() functions in drivers/thermal/of-thermal.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
72) Buffer overflow
EUVDB-ID: #VU93156
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47203
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
73) Use-after-free
EUVDB-ID: #VU90205
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47204
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dpaa2_eth_remove() function in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
74) Memory leak
EUVDB-ID: #VU90007
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47205
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the DEFINE_SPINLOCK() and devm_sunxi_ccu_release() functions in drivers/clk/sunxi-ng/ccu_common.c, within the suniv_f1c100s_ccu_setup() function in drivers/clk/sunxi-ng/ccu-suniv-f1c100s.c, within the sun9i_a80_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80.c, within the sun9i_a80_usb_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-usb.c, within the sun9i_a80_de_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-de.c, within the sun8i_v3_v3s_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-v3s.c, within the sun8i_r40_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-r40.c, within the sunxi_h3_h5_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-h3.c, within the sunxi_de2_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-de2.c, within the sun8i_a83t_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-a83t.c, within the sun8i_a33_ccu_setup() and ccu_pll_notifier_register() functions in drivers/clk/sunxi-ng/ccu-sun8i-a33.c, within the sun8i_a23_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun8i-a23.c, within the sun6i_a31_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun6i-a31.c, within the sun5i_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun5i.c, within the sun50i_h616_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun50i-h616.c, within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c, within the sunxi_r_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c, within the sun50i_a64_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a64.c, within the sun50i_a100_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100.c, within the sun50i_a100_r_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100-r.c, within the sun4i_ccu_init() and sunxi_ccu_probe() functions in drivers/clk/sunxi-ng/ccu-sun4i-a10.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
75) NULL pointer dereference
EUVDB-ID: #VU90583
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47207
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the snd_gf1_dma_interrupt() function in sound/isa/gus/gus_dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
76) NULL pointer dereference
EUVDB-ID: #VU89394
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47211
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the snd_usb_set_sample_rate_v2v3() function in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
77) Memory leak
EUVDB-ID: #VU91648
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47216
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the asc_prt_adv_board_info() function in drivers/scsi/advansys.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
78) NULL pointer dereference
EUVDB-ID: #VU90584
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-47217
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the set_hv_tscchange_cb() function in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
79) Use-after-free
EUVDB-ID: #VU61181
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2022-0487
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
80) Input validation error
EUVDB-ID: #VU87772
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48619
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the input_set_capability() function in drivers/input/input.c. A local user can crash the OS kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
81) Use-after-free
EUVDB-ID: #VU90261
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48626
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the moxart_remove() function in drivers/mmc/host/moxart-mmc.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
82) Resource management error
EUVDB-ID: #VU92987
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48636
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dasd_alias_remove_device() and dasd_alias_get_start_dev() functions in drivers/s390/block/dasd_alias.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
83) Memory leak
EUVDB-ID: #VU89997
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48650
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __qlt_24xx_handle_abts() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
84) Out-of-bounds read
EUVDB-ID: #VU89680
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48651
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in drivers/net/ipvlan/ipvlan_core.c. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
85) Resource management error
EUVDB-ID: #VU93644
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48667
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the smb3_insert_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
86) Resource management error
EUVDB-ID: #VU93645
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48668
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to corrupt data.
The vulnerability exists due to improper management of internal resources within the smb3_collapse_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
87) Out-of-bounds read
EUVDB-ID: #VU90314
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48687
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
88) NULL pointer dereference
EUVDB-ID: #VU90515
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48688
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the i40e_notify_client_of_netdev_close() and i40e_client_subtask() functions in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
89) Use-after-free
EUVDB-ID: #VU90171
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48695
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dequeue_next_fw_event() and _scsih_fw_event_cleanup_queue() functions in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
90) Out-of-bounds read
EUVDB-ID: #VU90313
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-48701
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the snd_usb_parse_audio_interface() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
91) Improper locking
EUVDB-ID: #VU90810
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0160
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
92) NULL pointer dereference
EUVDB-ID: #VU89244
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52454
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_pdu_iovec() function in drivers/nvme/target/tcp.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
93) Use-after-free
EUVDB-ID: #VU89235
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52469
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the kv_parse_power_table() function in drivers/gpu/drm/amd/amdgpu/kv_dpm.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
94) NULL pointer dereference
EUVDB-ID: #VU92074
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52470
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the radeon_crtc_init() function in drivers/gpu/drm/radeon/radeon_display.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
95) Improper locking
EUVDB-ID: #VU92053
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52474
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the build_vnic_ulp_payload() function in drivers/infiniband/hw/hfi1/vnic_sdma.c, within the build_verbs_tx_desc() function in drivers/infiniband/hw/hfi1/verbs.c, within the user_sdma_send_pkts(), add_system_pages_to_sdma_packet(), hfi1_user_sdma_process_request(), user_sdma_txadd_ahg(), sdma_cache_evict(), user_sdma_txreq_cb(), pq_update(), user_sdma_free_request(), set_comp_state() and sdma_rb_remove() functions in drivers/infiniband/hw/hfi1/user_sdma.c, within the sdma_unmap_desc(), ext_coal_sdma_tx_descs() and _pad_sdma_tx_descs() functions in drivers/infiniband/hw/hfi1/sdma.c, within the hfi1_mmu_rb_insert(), hfi1_mmu_rb_get_first(), __mmu_rb_search() and hfi1_mmu_rb_evict() functions in drivers/infiniband/hw/hfi1/mmu_rb.c, within the hfi1_ipoib_build_ulp_payload() function in drivers/infiniband/hw/hfi1/ipoib_tx.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
96) Out-of-bounds read
EUVDB-ID: #VU88821
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52476
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the branch_type() and get_branch_type() functions in arch/x86/events/utils.c. A local user can trigger an out-of-bounds read error and crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
97) Use of uninitialized resource
EUVDB-ID: #VU89393
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52477
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of uninitialized BOS descriptors in drivers/usb/core/hub.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
98) Improper locking
EUVDB-ID: #VU90801
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52486
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the drivers/gpu/drm/drm_plane.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
99) Input validation error
EUVDB-ID: #VU94144
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52488
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the sc16is7xx_fifo_read(), sc16is7xx_fifo_write() and sc16is7xx_regmap_precious() functions in drivers/tty/serial/sc16is7xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
100) Use-after-free
EUVDB-ID: #VU89255
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52509
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user can escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ravb_close() function in drivers/net/ethernet/renesas/ravb_main.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
101) Use-after-free
EUVDB-ID: #VU90236
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52515
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srp_abort() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
102) Improper locking
EUVDB-ID: #VU91319
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52524
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfc_llcp_register_device() function in net/nfc/llcp_core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
103) Use of uninitialized resource
EUVDB-ID: #VU90884
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52528
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the __smsc75xx_read_reg() function in drivers/net/usb/smsc75xx.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
104) Improper locking
EUVDB-ID: #VU90802
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52583
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ceph_encode_dentry_release() function in fs/ceph/caps.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
105) Improper locking
EUVDB-ID: #VU91541
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52587
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ipoib_mcast_join() function in drivers/infiniband/ulp/ipoib/ipoib_multicast.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
106) Improper locking
EUVDB-ID: #VU91539
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52590
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ocfs2_rename() function in fs/ocfs2/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
107) Improper locking
EUVDB-ID: #VU91538
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52591
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the reiserfs_rename() function in fs/reiserfs/namei.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
108) Improper locking
EUVDB-ID: #VU90803
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52595
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the rt2x00mac_bss_info_changed() function in drivers/net/wireless/ralink/rt2x00/rt2x00mac.c, within the rt2x00lib_disable_radio(), rt2x00lib_start() and rt2x00lib_stop() functions in drivers/net/wireless/ralink/rt2x00/rt2x00dev.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
109) Resource management error
EUVDB-ID: #VU93864
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52598
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in arch/s390/kernel/ptrace.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
110) NULL pointer dereference
EUVDB-ID: #VU90841
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52607
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the pgtable_cache_add() function in arch/powerpc/mm/init-common.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
111) Buffer overflow
EUVDB-ID: #VU91315
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52614
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the trans_stat_show() function in drivers/devfreq/devfreq.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
112) Improper access control
EUVDB-ID: #VU89268
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52620
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c when setting timeouts from userspace. A local user can bypass implemented security restrictions and perform a denial of service attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
113) Stack-based buffer overflow
EUVDB-ID: #VU87901
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52628
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_exthdr_sctp_eval(), nft_exthdr_tcp_eval(), and nft_exthdr_ipv6_eval() functions. A local user can pass specially crafted data to the system, trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
114) Improper locking
EUVDB-ID: #VU92045
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52635
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devfreq_monitor(), devfreq_monitor_start() and devfreq_monitor_stop() functions in drivers/devfreq/devfreq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
115) Race condition
EUVDB-ID: #VU91483
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52639
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the gmap_shadow() function in arch/s390/mm/gmap.c, within the acquire_gmap_shadow() function in arch/s390/kvm/vsie.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
116) Infinite loop
EUVDB-ID: #VU93068
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52644
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
117) NULL pointer dereference
EUVDB-ID: #VU93858
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52646
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aio_ring_mremap() function in fs/aio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
118) NULL pointer dereference
EUVDB-ID: #VU90517
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52650
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
119) Information disclosure
EUVDB-ID: #VU91353
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52652
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
120) Memory leak
EUVDB-ID: #VU90459
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-52653
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
121) Use-after-free
EUVDB-ID: #VU91599
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6270
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
122) NULL pointer dereference
EUVDB-ID: #VU85854
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6356
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
123) NULL pointer dereference
EUVDB-ID: #VU85853
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6535
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_execute_request() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
124) NULL pointer dereference
EUVDB-ID: #VU85852
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6536
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the __nvmet_req_complete() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
125) NULL pointer dereference
EUVDB-ID: #VU85422
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7042
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
126) Memory leak
EUVDB-ID: #VU86248
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-7192
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the ctnetlink_create_conntrack() function in net/netfilter/nf_conntrack_netlink.c. A local user with CAP_NET_ADMIN privileges can perform denial of service attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
127) Processor optimization removal or modification of security-critical code
EUVDB-ID: #VU88374
Risk: Medium
CVSSv3.1: 7.8 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-2201
CWE-ID:
CWE-1037 - Processor optimization removal or modification of security-critical code
Exploit availability: No
DescriptionThe vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to native branch history injection on x86 systems. A malicious guest can infer the contents of arbitrary host memory, including memory assigned to other guests and compromise the affected system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
128) NULL pointer dereference
EUVDB-ID: #VU87192
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-22099
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rfcomm_check_security() function in /net/bluetooth/rfcomm/core.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
129) Integer overflow
EUVDB-ID: #VU88102
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23307
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
130) Use-after-free
EUVDB-ID: #VU91600
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-23848
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. A local user can perform a denial of service (DoS) attack.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
131) Race condition
EUVDB-ID: #VU87602
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24855
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the lpfc_unregister_fcf_rescan() function in scsi device driver. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
132) Race condition
EUVDB-ID: #VU91634
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24861
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
133) Resource management error
EUVDB-ID: #VU91320
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26614
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the reqsk_queue_alloc() function in net/core/request_sock.c. A remote attacker can send specially crafted ACK packets to the system and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
134) Improper access control
EUVDB-ID: #VU88150
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26642
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions within the nf_tables_newset() function in net/netfilter/nf_tables_api.c. A local user can set arbitrary timeouts, which can result in a denial of service condition.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
135) Unchecked Return Value
EUVDB-ID: #VU87902
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26651
CWE-ID:
CWE-252 - Unchecked Return Value
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
136) Buffer overflow
EUVDB-ID: #VU92977
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26671
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_mq_mark_tag_wait() function in block/blk-mq.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
137) Input validation error
EUVDB-ID: #VU90858
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26675
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the ppp_async_ioctl() function in drivers/net/ppp/ppp_async.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
138) Use-after-free
EUVDB-ID: #VU90220
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26689
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __prep_cap() and __send_cap() functions in fs/ceph/caps.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
139) Double free
EUVDB-ID: #VU90929
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26704
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ext4_move_extents() function in fs/ext4/move_extent.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
140) Buffer overflow
EUVDB-ID: #VU92952
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26733
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the arp_req_get() function in net/ipv4/arp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
141) Use-after-free
EUVDB-ID: #VU90214
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26739
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcf_mirred_to_dev() function in net/sched/act_mirred.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
142) Improper locking
EUVDB-ID: #VU92042
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26743
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qedr_create_user_qp() function in drivers/infiniband/hw/qedr/verbs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
143) NULL pointer dereference
EUVDB-ID: #VU90596
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26744
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the module_param() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
144) NULL pointer dereference
EUVDB-ID: #VU90598
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26747
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the usb_role_switch_get(), fwnode_usb_role_switch_get(), EXPORT_SYMBOL_GPL(), usb_role_switch_find_by_fwnode() and usb_role_switch_register() functions in drivers/usb/roles/class.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
145) Use-after-free
EUVDB-ID: #VU90217
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26754
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
146) Resource management error
EUVDB-ID: #VU93859
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26763
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources during authentication within the kcryptd_crypt_write_convert() function in drivers/md/dm-crypt.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
147) NULL pointer dereference
EUVDB-ID: #VU90602
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26771
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the edma_probe() function in drivers/dma/ti/edma.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
148) Improper locking
EUVDB-ID: #VU92041
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26772
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_find_by_goal() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
149) Improper locking
EUVDB-ID: #VU93787
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26773
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ext4_mb_try_best_found() function in fs/ext4/mballoc.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
150) Division by zero
EUVDB-ID: #VU91377
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26777
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the sisfb_check_var() function in drivers/video/fbdev/sis/sis_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
151) Division by zero
EUVDB-ID: #VU91378
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26778
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the savagefb_check_var() function in drivers/video/fbdev/savage/savagefb_driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
152) Race condition
EUVDB-ID: #VU91480
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26779
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ieee80211_check_fast_xmit() function in net/mac80211/tx.c, within the sta_info_insert_finish() function in net/mac80211/sta_info.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
153) Use-after-free
EUVDB-ID: #VU90211
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26793
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the gtp_init() function in drivers/net/gtp.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
154) Use of uninitialized resource
EUVDB-ID: #VU90879
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26805
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the netlink_group_mask() function in net/netlink/af_netlink.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
155) Memory leak
EUVDB-ID: #VU91650
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26816
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
156) Integer overflow
EUVDB-ID: #VU88544
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26817
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
157) Memory leak
EUVDB-ID: #VU90471
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26839
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
158) Memory leak
EUVDB-ID: #VU90005
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26840
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kmem_cache_free() and cachefiles_daemon_unbind() functions in fs/cachefiles/bind.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
159) Use-after-free
EUVDB-ID: #VU90194
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26852
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
160) NULL pointer dereference
EUVDB-ID: #VU90576
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26855
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_bridge_setlink() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
161) Use of uninitialized resource
EUVDB-ID: #VU90876
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26857
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_rx() function in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
162) NULL pointer dereference
EUVDB-ID: #VU90573
Risk: Low
CVSSv3.1: 3.2 [AV:L/AC:L/PR:L/UI:U/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26859
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
163) NULL pointer dereference
EUVDB-ID: #VU90574
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26878
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
164) Buffer overflow
EUVDB-ID: #VU91602
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26883
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
165) Buffer overflow
EUVDB-ID: #VU91604
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26884
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Update the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
166) Use-after-free
EUVDB-ID: #VU90197
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26898
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
167) Information disclosure
EUVDB-ID: #VU91363
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26901
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
168) NULL pointer dereference
EUVDB-ID: #VU92070
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rfcomm_process_rx() function in net/bluetooth/rfcomm/core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
169) Improper locking
EUVDB-ID: #VU92037
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26907
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the set_eth_seg() function in drivers/infiniband/hw/mlx5/wr.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
170) Input validation error
EUVDB-ID: #VU89054
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26922
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
171) Double free
EUVDB-ID: #VU90894
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26929
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
172) Double free
EUVDB-ID: #VU90895
Risk: Low
CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26930
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
173) NULL pointer dereference
EUVDB-ID: #VU90563
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26931
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
174) Input validation error
EUVDB-ID: #VU94134
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26948
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_state_free() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
175) Information disclosure
EUVDB-ID: #VU91355
Risk: Low
CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-26993
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
176) Improper locking
EUVDB-ID: #VU91521
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27013
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
177) Improper locking
EUVDB-ID: #VU90768
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27014
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
178) Use-after-free
EUVDB-ID: #VU90178
Risk: Low
CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27043
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
179) NULL pointer dereference
EUVDB-ID: #VU90519
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27046
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
180) Incorrect calculation
EUVDB-ID: #VU93759
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27054
CWE-ID:
CWE-682 - Incorrect Calculation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
181) Improper locking
EUVDB-ID: #VU90765
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27072
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
182) Memory leak
EUVDB-ID: #VU90455
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27073
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
183) Memory leak
EUVDB-ID: #VU90453
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27074
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
184) Stack-based buffer overflow
EUVDB-ID: #VU91298
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27075
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
185) Memory leak
EUVDB-ID: #VU90450
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27078
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
186) Memory leak
EUVDB-ID: #VU90449
Risk: Low
CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.
MitigationUpdate the affected package the Linux Kernel to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Real Time 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
kernel-rt: before 4.12.14-10.182.1
kernel-rt_debug: before 4.12.14-10.182.1
kernel-source-rt: before 4.12.14-10.182.1
kernel-devel-rt: before 4.12.14-10.182.1
kernel-rt_debug-devel: before 4.12.14-10.182.1
kernel-rt_debug-devel-debuginfo: before 4.12.14-10.182.1
ocfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt-debugsource: before 4.12.14-10.182.1
cluster-md-kmp-rt: before 4.12.14-10.182.1
gfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt-devel: before 4.12.14-10.182.1
cluster-md-kmp-rt-debuginfo: before 4.12.14-10.182.1
kernel-rt_debug-debuginfo: before 4.12.14-10.182.1
dlm-kmp-rt: before 4.12.14-10.182.1
ocfs2-kmp-rt: before 4.12.14-10.182.1
kernel-rt_debug-debugsource: before 4.12.14-10.182.1
kernel-syms-rt: before 4.12.14-10.182.1
kernel-rt-devel-debuginfo: before 4.12.14-10.182.1
kernel-rt-base-debuginfo: before 4.12.14-10.182.1
kernel-rt-base: before 4.12.14-10.182.1
gfs2-kmp-rt-debuginfo: before 4.12.14-10.182.1
External linkshttp://www.suse.com/support/update/announcement/2024/suse-su-20241646-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
