SUSE update for the Linux Kernel

1) Buffer overflow

EUVDB-ID: #VU93669

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47047

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the zynqmp_qspi_irq(), zynqmp_qspi_setuprxdma(), zynqmp_qspi_write_op(), zynqmp_qspi_exec_op() and zynqmp_qspi_probe() functions in drivers/spi/spi-zynqmp-gqspi.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU92071

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47181

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the tusb_musb_init() function in drivers/usb/musb/tusb6010.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU89395

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47182

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the scsi_mode_sense() function in drivers/scsi/scsi_lib.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) NULL pointer dereference

EUVDB-ID: #VU90586

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47183

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the lpfc_sli_issue_abort_iotag() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) NULL pointer dereference

EUVDB-ID: #VU90587

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47184

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i40e_sync_filters_subtask() and i40e_vsi_release() functions in drivers/net/ethernet/intel/i40e/i40e_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper locking

EUVDB-ID: #VU91528

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47185

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the flush_to_ldisc() function in drivers/tty/tty_buffer.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper locking

EUVDB-ID: #VU91527

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47187

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the arch/arm64/boot/dts/qcom/msm8998.dtsi. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Resource management error

EUVDB-ID: #VU93843

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47188

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the ufshcd_abort() function in drivers/scsi/ufs/ufshcd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Race condition

EUVDB-ID: #VU93380

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47189

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the run_ordered_work() and normal_work_helper() functions in fs/btrfs/async-thread.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds read

EUVDB-ID: #VU90325

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47191

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the resp_readcap16() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) State Issues

EUVDB-ID: #VU89240

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47192

CWE-ID: CWE-371 - State Issues

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error during iSCSI recovery within the store_state_field() function in drivers/scsi/scsi_sysfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Memory leak

EUVDB-ID: #VU90008

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47193

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the pm8001_init_ccb_tag(), pm8001_pci_remove() and remove() functions in drivers/scsi/pm8001/pm8001_init.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper initialization

EUVDB-ID: #VU92392

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47194

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper initialization error within the cfg80211_change_iface() function in net/wireless/util.c. A local user can execute arbitrary code.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU90204

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47195

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the spi_unregister_controller() function in drivers/spi/spi.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU90203

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47196

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the create_qp() function in drivers/infiniband/core/verbs.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) NULL pointer dereference

EUVDB-ID: #VU93057

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47197

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the mlx5_debug_cq_remove() function in drivers/net/ethernet/mellanox/mlx5/core/debugfs.c, within the mlx5_core_destroy_cq() function in drivers/net/ethernet/mellanox/mlx5/core/cq.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Use-after-free

EUVDB-ID: #VU90208

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47198

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the lpfc_mbx_cmpl_fc_reg_login() function in drivers/scsi/lpfc/lpfc_hbadisc.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Memory leak

EUVDB-ID: #VU90476

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47199

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the parse_tc_nic_actions() and parse_tc_fdb_actions() functions in drivers/net/ethernet/mellanox/mlx5/core/en_tc.c, within the mlx5_tc_ct_match_add(), mlx5_tc_ct_parse_action() and __mlx5_tc_ct_flow_offload_clear() functions in drivers/net/ethernet/mellanox/mlx5/core/en/tc_ct.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Use-after-free

EUVDB-ID: #VU90206

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47200

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the drm_gem_prime_mmap() function in drivers/gpu/drm/drm_prime.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Resource management error

EUVDB-ID: #VU92971

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47201

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the iavf_disable_vf() function in drivers/net/ethernet/intel/iavf/iavf_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) NULL pointer dereference

EUVDB-ID: #VU90582

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47202

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the of_thermal_get_temp(), of_thermal_set_emul_temp(), of_thermal_get_trend() and of_thermal_set_trip_temp() functions in drivers/thermal/of-thermal.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Buffer overflow

EUVDB-ID: #VU93156

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47203

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the lpfc_drain_txq() function in drivers/scsi/lpfc/lpfc_sli.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU90205

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47204

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dpaa2_eth_remove() function in drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Memory leak

EUVDB-ID: #VU90007

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47205

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the DEFINE_SPINLOCK() and devm_sunxi_ccu_release() functions in drivers/clk/sunxi-ng/ccu_common.c, within the suniv_f1c100s_ccu_setup() function in drivers/clk/sunxi-ng/ccu-suniv-f1c100s.c, within the sun9i_a80_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80.c, within the sun9i_a80_usb_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-usb.c, within the sun9i_a80_de_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun9i-a80-de.c, within the sun8i_v3_v3s_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-v3s.c, within the sun8i_r40_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-r40.c, within the sunxi_h3_h5_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun8i-h3.c, within the sunxi_de2_clk_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-de2.c, within the sun8i_a83t_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun8i-a83t.c, within the sun8i_a33_ccu_setup() and ccu_pll_notifier_register() functions in drivers/clk/sunxi-ng/ccu-sun8i-a33.c, within the sun8i_a23_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun8i-a23.c, within the sun6i_a31_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun6i-a31.c, within the sun5i_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun5i.c, within the sun50i_h616_ccu_setup() function in drivers/clk/sunxi-ng/ccu-sun50i-h616.c, within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c, within the sunxi_r_ccu_init() function in drivers/clk/sunxi-ng/ccu-sun50i-h6-r.c, within the sun50i_a64_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a64.c, within the sun50i_a100_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100.c, within the sun50i_a100_r_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-a100-r.c, within the sun4i_ccu_init() and sunxi_ccu_probe() functions in drivers/clk/sunxi-ng/ccu-sun4i-a10.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU92072

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47206

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the ohci_hcd_tmio_drv_probe() function in drivers/usb/host/ohci-tmio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) NULL pointer dereference

EUVDB-ID: #VU90583

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47207

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the snd_gf1_dma_interrupt() function in sound/isa/gus/gus_dma.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Use-after-free

EUVDB-ID: #VU90207

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47209

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rq_of_rt_se() and rt_rq_of_se() functions in kernel/sched/rt.c, within the free_fair_sched_group() and unregister_fair_sched_group() functions in kernel/sched/fair.c, within the sched_free_group(), sched_online_group(), cpu_cgroup_css_released() and cpu_cgroup_css_free() functions in kernel/sched/core.c, within the autogroup_destroy() function in kernel/sched/autogroup.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Input validation error

EUVDB-ID: #VU93688

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47210

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the tps6598x_block_read() function in drivers/usb/typec/tps6598x.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) NULL pointer dereference

EUVDB-ID: #VU89394

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47211

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the snd_usb_set_sample_rate_v2v3() function in sound/usb/clock.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Error Handling

EUVDB-ID: #VU89241

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47212

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect error handling within the mlx5_internal_err_ret_value() function in drivers/net/ethernet/mellanox/mlx5/core/cmd.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Memory leak

EUVDB-ID: #VU91649

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47214

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the hugetlb_mcopy_atomic_pte() function in mm/hugetlb.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Buffer overflow

EUVDB-ID: #VU93157

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47215

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the DECLARE_BITMAP(), resync_handle_seq_match(), mlx5e_ktls_add_rx() and mlx5e_ktls_rx_handle_resync_list() functions in drivers/net/ethernet/mellanox/mlx5/core/en_accel/ktls_rx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Memory leak

EUVDB-ID: #VU91648

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47216

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the asc_prt_adv_board_info() function in drivers/scsi/advansys.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) NULL pointer dereference

EUVDB-ID: #VU90584

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47217

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the set_hv_tscchange_cb() function in arch/x86/hyperv/hv_init.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) NULL pointer dereference

EUVDB-ID: #VU90585

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47218

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the hashtab_compute_size() function in security/selinux/ss/hashtab.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Out-of-bounds read

EUVDB-ID: #VU90324

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-47219

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the resp_report_tgtpgs() function in drivers/scsi/scsi_debug.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper locking

EUVDB-ID: #VU92033

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48631

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the __ext4_ext_check() function in fs/ext4/extents.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Stack-based buffer overflow

EUVDB-ID: #VU91299

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48632

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to stack overflow within the mlxbf_i2c_smbus_start_transaction() function in drivers/i2c/busses/i2c-mlxbf.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper locking

EUVDB-ID: #VU91451

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48634

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the gma_crtc_page_flip() function in drivers/gpu/drm/gma500/gma_display.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Resource management error

EUVDB-ID: #VU92987

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48636

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the dasd_alias_remove_device() and dasd_alias_get_start_dev() functions in drivers/s390/block/dasd_alias.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Use-after-free

EUVDB-ID: #VU90189

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48637

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the bnxt_tx_int() function in drivers/net/ethernet/broadcom/bnxt/bnxt.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Input validation error

EUVDB-ID: #VU93687

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48638

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the cgroup_get_from_id() function in kernel/cgroup/cgroup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Information disclosure

EUVDB-ID: #VU91361

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48639

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the net/sched/cls_api.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) NULL pointer dereference

EUVDB-ID: #VU91238

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48640

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the bond_open() and bond_init() functions in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Memory leak

EUVDB-ID: #VU89996

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48642

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper locking

EUVDB-ID: #VU91452

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48644

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the taprio_enable_offload() and taprio_disable_offload() functions in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) NULL pointer dereference

EUVDB-ID: #VU90565

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48646

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_siena_hard_start_xmit() function in drivers/net/ethernet/sfc/siena/tx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) NULL pointer dereference

EUVDB-ID: #VU90564

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48647

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_probe_interrupts() function in drivers/net/ethernet/sfc/efx_channels.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) NULL pointer dereference

EUVDB-ID: #VU90566

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48648

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the efx_hard_start_xmit() function in drivers/net/ethernet/sfc/tx.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Memory leak

EUVDB-ID: #VU89997

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48650

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the __qlt_24xx_handle_abts() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Out-of-bounds read

EUVDB-ID: #VU89680

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48651

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in drivers/net/ipvlan/ipvlan_core.c. A remote attacker on the local network can send specially crafted packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Race condition

EUVDB-ID: #VU93379

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48652

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the ice_set_dflt_vsi_ctx(), ice_vsi_setup_q_map(), ice_vsi_setup_q_map_mqprio() and ice_vsi_cfg_tc() functions in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper locking

EUVDB-ID: #VU92032

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48653

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the ice_schedule_reset() function in drivers/net/ethernet/intel/ice/ice_main.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Memory leak

EUVDB-ID: #VU91645

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48654

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to memory leak within the nf_osf_find() function in net/netfilter/nfnetlink_osf.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

55) Out-of-bounds read

EUVDB-ID: #VU91400

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48655

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

56) Information disclosure

EUVDB-ID: #VU91362

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48656

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the of_xudma_dev_get() function in drivers/dma/ti/k3-udma-private.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

57) Buffer overflow

EUVDB-ID: #VU91438

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48657

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to memory corruption within the validate_cpu_freq_invariance_counters() function in arch/arm64/kernel/topology.c. A local user can execute arbitrary code.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

58) Resource management error

EUVDB-ID: #VU93199

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48658

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to resource management error within the stat(), flush_all_cpus_locked() and kmem_cache_init() functions in mm/slub.c. A local user can execute arbitrary code.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

59) Buffer overflow

EUVDB-ID: #VU93399

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48659

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory corruption within the create_unique_id() and sysfs_slab_add() functions in mm/slub.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

60) Resource management error

EUVDB-ID: #VU93198

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48660

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to resource management error within the lineevent_create() function in drivers/gpio/gpiolib-cdev.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

61) Resource management error

EUVDB-ID: #VU93197

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48662

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to resource management error within the i915_gem_context_release() and context_close() functions in drivers/gpu/drm/i915/gem/i915_gem_context.c. A local user can execute arbitrary code.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

62) NULL pointer dereference

EUVDB-ID: #VU90567

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48663

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the gpio_mockup_init() function in drivers/gpio/gpio-mockup.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

63) Resource management error

EUVDB-ID: #VU93644

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48667

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to improper management of internal resources within the smb3_insert_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

64) Resource management error

EUVDB-ID: #VU93645

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48668

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

The vulnerability allows a local user to corrupt data.

The vulnerability exists due to improper management of internal resources within the smb3_collapse_range() function in fs/cifs/smb2ops.c. A local user can corrupt data.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

65) Improper locking

EUVDB-ID: #VU90763

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48671

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the cgroup_attach_task_all() function in kernel/cgroup/cgroup-v1.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

66) Off-by-one

EUVDB-ID: #VU91174

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48672

CWE-ID: CWE-193 - Off-by-one Error

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an off-by-one error within the unflatten_dt_nodes() function in drivers/of/fdt.c. A local user can execute arbitrary code.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

67) Improper locking

EUVDB-ID: #VU92028

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48673

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the smc_wr_rx_process_cqes(), smc_wr_free_link() and smc_wr_create_link() functions in net/smc/smc_wr.c, within the smcr_link_init() function in net/smc/smc_core.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

68) Improper locking

EUVDB-ID: #VU90762

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48675

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the mmput_async() function in kernel/fork.c, within the mutex_unlock() function in drivers/infiniband/core/umem_odp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

69) Use-after-free

EUVDB-ID: #VU90175

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48686

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nvme_tcp_io_work() function in drivers/nvme/host/tcp.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

70) Out-of-bounds read

EUVDB-ID: #VU90314

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48687

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an out-of-bounds read error within the seg6_genl_sethmac() function in net/ipv6/seg6.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

71) NULL pointer dereference

EUVDB-ID: #VU90515

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48688

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the i40e_notify_client_of_netdev_close() and i40e_client_subtask() functions in drivers/net/ethernet/intel/i40e/i40e_client.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

72) Memory leak

EUVDB-ID: #VU91642

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48690

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the ice_qp_dis(), ice_xsk_pool_enable() and ice_xsk_pool_setup() functions in drivers/net/ethernet/intel/ice/ice_xsk.c, within the ice_xdp_setup_prog() function in drivers/net/ethernet/intel/ice/ice_main.c, within the ice_alloc_rx_buf_zc() and ice_vsi_cfg_rxq() functions in drivers/net/ethernet/intel/ice/ice_base.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

73) NULL pointer dereference

EUVDB-ID: #VU90516

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48692

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the srp_process_rsp() function in drivers/infiniband/ulp/srp/ib_srp.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

74) Information disclosure

EUVDB-ID: #VU91352

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48693

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to information disclosure within the brcmstb_pm_probe() function in drivers/soc/bcm/brcmstb/pm/pm-arm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

75) Improper locking

EUVDB-ID: #VU93387

Risk: Low

CVSSv3.1: 6.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48694

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to improper locking within the irdma_generate_flush_completions() function in drivers/infiniband/hw/irdma/utils.c. A local user can execute arbitrary code.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

76) Use-after-free

EUVDB-ID: #VU90171

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48695

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the dequeue_next_fw_event() and _scsih_fw_event_cleanup_queue() functions in drivers/scsi/mpt3sas/mpt3sas_scsih.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

77) Use-after-free

EUVDB-ID: #VU90172

Risk: Low

CVSSv3.1: 7.7 [AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48697

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __nvmet_req_complete() function in drivers/nvme/target/core.c. A local user can escalate privileges on the system.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

78) Memory leak

EUVDB-ID: #VU89989

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48698

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the crtc_debugfs_init() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

79) Information disclosure

EUVDB-ID: #VU91351

Risk: Low

CVSSv3.1: 2.9 [AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48700

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the vaddr_get_pfns() function in drivers/vfio/vfio_iommu_type1.c. A local user can gain access to sensitive information.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

80) Out-of-bounds read

EUVDB-ID: #VU90313

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48701

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_usb_parse_audio_interface() function in sound/usb/stream.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

81) Out-of-bounds read

EUVDB-ID: #VU90312

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48702

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the snd_emu10k1_pcm_channel_alloc() function in sound/pci/emu10k1/emupcm.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

82) NULL pointer dereference

EUVDB-ID: #VU90514

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48703

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the int3400_setup_gddv(), int3400_thermal_probe() and int3400_thermal_remove() functions in drivers/thermal/intel/int340x_thermal/int3400_thermal.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

83) Improper locking

EUVDB-ID: #VU91520

Risk: Low

CVSSv3.1: 4.8 [AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48704

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the radeon_suspend_kms() function in drivers/gpu/drm/radeon/radeon_device.c. A local user can perform a denial of service (DoS) attack.

Update the affected package the Linux Kernel to the latest version.

SUSE Linux Enterprise Micro: 5.5

SUSE Real Time Module: 15-SP5

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

openSUSE Leap: 15.5

kernel-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt-debuginfo: before 1-150500.11.5.1

kernel-rt-devel: before 5.14.21-150500.13.52.1

kernel-syms-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-optional: before 5.14.21-150500.13.52.1

kernel-rt_debug-debugsource: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-devel: before 5.14.21-150500.13.52.1

ocfs2-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt_debug-livepatch-devel: before 5.14.21-150500.13.52.1

kernel-rt_debug-vdso: before 5.14.21-150500.13.52.1

dlm-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-SLE15-SP5-RT_Update_14-debugsource: before 1-150500.11.5.1

kernel-rt_debug-vdso-debuginfo: before 5.14.21-150500.13.52.1

gfs2-kmp-rt: before 5.14.21-150500.13.52.1

gfs2-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-livepatch-5_14_21-150500_13_52-rt: before 1-150500.11.5.1

reiserfs-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt: before 5.14.21-150500.13.52.1

dlm-kmp-rt: before 5.14.21-150500.13.52.1

kernel-rt-livepatch: before 5.14.21-150500.13.52.1

kernel-rt-optional-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt_debug-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-vdso-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debugsource: before 5.14.21-150500.13.52.1

kernel-rt-vdso: before 5.14.21-150500.13.52.1

kernel-rt-devel-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-debuginfo: before 5.14.21-150500.13.52.1

reiserfs-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-livepatch-devel: before 5.14.21-150500.13.52.1

cluster-md-kmp-rt: before 5.14.21-150500.13.52.1

kselftests-kmp-rt-debuginfo: before 5.14.21-150500.13.52.1

kernel-rt-extra-debuginfo: before 5.14.21-150500.13.52.1

kernel-source-rt: before 5.14.21-150500.13.52.1

kernel-devel-rt: before 5.14.21-150500.13.52.1

http://www.suse.com/support/update/announcement/2024/suse-su-20241663-1/

Q & A

Can this vulnerability be exploited remotely?